[Openswan Users] FW: Windows XP L2tpipsec client connecting to Ubuntu server

Mike Giles Mike.Giles at thekentongroup.com
Mon Nov 29 04:23:59 EST 2010


Hi Tim,

I am running SP3 so I believe this update package is not required?

I do have AssumeUDPEncapsulationContextOnSendRule set to 2 though.

I was hoping to find out what the xl2tpd debug messages indicate.

Thanks & Regards,

Mike.

From: tim marks [mailto:tsmarks at gmail.com]
Sent: 27 November 2010 16:53
To: Mike Giles
Subject: Re: [Openswan Users] FW: Windows XP L2tpipsec client connecting
to Ubuntu server

 

I had problems with the Windows NAT-T function. I had not enabled it in
the registry. It sounds like both the server and the client are behind
NAT?  If that is the case you might also be having a NAT issue.

http://support.microsoft.com/kb/818043

That is what worked for me.

Tim 

On Wed, Nov 24, 2010 at 3:31 AM, Mike Giles
<Mike.Giles at thekentongroup.com> wrote:

Hi Tim,

Thanks for your reply.

The Ubuntu server (Sheevaplug with mobile broadband usb dongle) is
always connected to the same provider with a static Ip address.

The XP client I have tried connecting via 2 different ADSL lines.

First via SBS 2003 server with ISA server configured to pass everything
to/from XP client PC, the ADSL router is configured with static NAT to
SBS 2003 server.

Second XP client connected directly to ADSL router. Using NAT with
Firewall disabled.

 

I haven't been able to connect for a while now with either connection.

 

Regards,

Mike

 

 

From: tim marks [mailto:tsmarks at gmail.com] 
Sent: 24 November 2010 06:14
To: Mike Giles
Subject: Re: [Openswan Users] FW: Windows XP L2tpipsec client connecting
to Ubuntu server

 

When the XP connects, is it always from the same network? Or is it a
mobile system, connecting from hotspots and other networks?

Tim

On Fri, Nov 19, 2010 at 6:53 AM, Mike Giles
<Mike.Giles at thekentongroup.com> wrote:

Hi again,
I am now getting the following in xl2tpd debug:

Nov 19 17:00:30 ubuntu xl2tpd[2432]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Nov 19 17:00:32 ubuntu xl2tpd[2432]: Unable to deliver closing message for tunnel 1344. Destroying anyway.
Nov 19 17:03:42 ubuntu xl2tpd[2704]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
Nov 19 17:03:47 ubuntu last message repeated 2 times
Nov 19 17:03:52 ubuntu xl2tpd[2704]: Unable to deliver closing message for tunnel 63083. Destroying anyway.
Nov 19 17:04:05 ubuntu xl2tpd[2704]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
Nov 19 17:04:07 ubuntu xl2tpd[2704]: Unable to deliver closing message for tunnel 65184. Destroying anyway.
Nov 19 17:16:40 ubuntu xl2tpd[2704]: control_finish: Peer requested tunnel 24 twice, ignoring second one.
Nov 19 17:16:45 ubuntu last message repeated 2 times
Nov 19 17:16:50 ubuntu xl2tpd[2704]: Unable to deliver closing message for tunnel 48238. Destroying anyway.
Nov 19 17:17:03 ubuntu xl2tpd[2704]: control_finish: Peer requested tunnel 24 twice, ignoring second one.
Nov 19 17:17:05 ubuntu xl2tpd[2704]: Unable to deliver closing message for tunnel 43240. Destroying anyway.
root at ubuntu:/var/log#

config as attached:

Could anyone help me with this ?

Regards,
Mike


-----Original Message-----
From: Mike Giles
Sent: 06 September 2010 13:28
To: 'users at openswan.org'
Subject: Windows XP L2tpipsec client connecting to Ubuntu server

Hi,
I have an Ubuntu server which I'm trying to connect to with a Windows XP
client (L2tpipsec). I'm using PSK at the moment.
Ubuntu 2.6.32.9
Openswan IPSEc 2.6.25
Xl2tpd 1.2.0

I have followed:
http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html

I can sometimes connect ok.

However the server often generates ICMP destination port unreachable
(1701) in reply to ESP packets (Destination port 4500).

I have attached a failed connect and a successful connect. (tcpdump on
server side) The server is connected via a usb mobile broadband modem
(using a static public IP address NATed to 10.8.11.254).

I have tried connecting with no rules setup in iptables and with rules
accepting the specific ports (500,4500 and 1701).

Any suggestions would be very helpful.

Thanks & Regards,
Mike

