[Openswan Users] IPsec+L2TP connects the first time. Then doesn't...

Jai Dhar jdhar at fps-tech.net
Tue Jan 4 16:36:30 EST 2011


I seem to be having this same issue, outlined in this thread
(http://lists.openswan.org/pipermail/users/2010-September/019380.html),
but I'm using the latest Openswan / xl2tpd versions built from source.

I'm connecting with an iPad client, and have the following (relevant)
configuration options set:

ipsec.conf:

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv,%no
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.200
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0

I did try rightprotoport=17/%any and it did the same thing

For xl2tpd.conf:

[global]
;ipsec saref = yes
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = yes
; listen-addr = 192.168.1.98
;
; requires openswan-2.5.18 or higher - Also does not yet work in combination
; with kernel mode l2tp as present in linux 2.6.23+
; ipsec saref = yes
; forceuserspace = yes
;
;debug tunnel = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

I can connect the first time, but then need to restart ipsec to
connect again. For now, I have worked around this by restart ipsec in
ip-down.d for ppp, but this is obviously a bad solution.

Here is my syslog and auth.log when I connect:

Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [RFC 3947] method set to=109
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Jan  4 13:33:26 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [Dead Peer Detection]
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
responding to Main Mode from unknown peer 192.168.1.1
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
are NATed
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
Main mode peer ID is ID_IPV4_ADDR: '192.168.1.109'
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[1] 192.168.1.1 #1:
switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
deleting connection "L2TP-PSK-NAT" instance with peer 192.168.1.1
{isakmp=#0/ipsec=#0}
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
new NAT mapping for #1, was 192.168.1.1:500, now 192.168.1.1:4500
Jan  4 13:33:26 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
group=modp1024}

==> /var/log/syslog <==
Jan  4 13:33:27 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 61452.

==> /var/log/auth.log <==
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
the peer proposed: 24.6.221.176/32:17/1701 -> 192.168.1.109/32:17/0
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
responding to Quick Mode proposal {msgid:bc0427c3}
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
    us: 192.168.1.200<192.168.1.200>[+S=C]:17/1701
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
  them: 192.168.1.1[192.168.1.109,+S=C]:17/0===192.168.1.109/32
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
netlink_raw_eroute: WARNING: that_client port 61452 and that_host port
4500 don't match. Using that_client port.
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  4 13:33:27 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #2:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0661b379
<0x61228e2e xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500
DPD=none}

==> /var/log/syslog <==
Jan  4 13:33:29 viammc xl2tpd[13917]: build_fdset: closing down tunnel 27588
Jan  4 13:33:29 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 61452.
Jan  4 13:33:29 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 32 twice, ignoring second one.
Jan  4 13:33:29 viammc xl2tpd[13917]: build_fdset: closing down tunnel 31065
Jan  4 13:33:29 viammc xl2tpd[13917]: Connection established to
192.168.1.1, 61452.  Local: 61572, Remote: 32 (ref=0/0).  LNS session
is 'default'
Jan  4 13:33:29 viammc xl2tpd[13917]: start_pppd: I'm running:
Jan  4 13:33:29 viammc xl2tpd[13917]: "/usr/sbin/pppd"
Jan  4 13:33:29 viammc xl2tpd[13917]: "passive"
Jan  4 13:33:29 viammc xl2tpd[13917]: "nodetach"
Jan  4 13:33:29 viammc xl2tpd[13917]: "10.1.2.1:10.1.2.2"
Jan  4 13:33:29 viammc xl2tpd[13917]: "refuse-pap"
Jan  4 13:33:29 viammc xl2tpd[13917]: "auth"
Jan  4 13:33:29 viammc xl2tpd[13917]: "require-chap"
Jan  4 13:33:29 viammc xl2tpd[13917]: "name"
Jan  4 13:33:29 viammc xl2tpd[13917]: "LinuxVPNserver"
Jan  4 13:33:29 viammc xl2tpd[13917]: "debug"
Jan  4 13:33:29 viammc xl2tpd[13917]: "file"
Jan  4 13:33:29 viammc xl2tpd[13917]: "/etc/ppp/options.xl2tpd"
Jan  4 13:33:29 viammc xl2tpd[13917]: "/dev/pts/2"
Jan  4 13:33:29 viammc pppd[15193]: pppd 2.4.4 started by root, uid 0
Jan  4 13:33:29 viammc pppd[15193]: using channel 12
Jan  4 13:33:29 viammc pppd[15193]: Using interface ppp0
Jan  4 13:33:29 viammc pppd[15193]: Connect: ppp0 <--> /dev/pts/2
Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ConfReq id=0x1 <mru
1410> <asyncmap 0x0> <auth chap MD5> <magic 0x2ba86c5e> <pcomp>
<accomp>]
Jan  4 13:33:29 viammc xl2tpd[13917]: Call established with
192.168.1.1, Local: 34785, Remote: 1704, Serial: 1
Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <magic 0x239fcced> <pcomp> <accomp>]
Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ConfAck id=0x1 <asyncmap
0x0> <magic 0x239fcced> <pcomp> <accomp>]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP ConfAck id=0x1 <mru
1410> <asyncmap 0x0> <auth chap MD5> <magic 0x2ba86c5e> <pcomp>
<accomp>]
Jan  4 13:33:29 viammc pppd[15193]: sent [LCP EchoReq id=0x0 magic=0x2ba86c5e]
Jan  4 13:33:29 viammc pppd[15193]: sent [CHAP Challenge id=0x9b
<36d3f77cf1d3bd7602b79ee47d6c7fa95c9288e5>, name = "LinuxVPNserver"]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP EchoReq id=0x0 magic=0x239fcced]
Jan  4 13:33:29 viammc pppd[15193]: sent [LCP EchoRep id=0x0 magic=0x2ba86c5e]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [LCP EchoRep id=0x0 magic=0x239fcced]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [CHAP Response id=0x9b
<29c1e83cb7a4df5ade8cc8209ed0cd6c>, name = "jdhar"]
Jan  4 13:33:29 viammc pppd[15193]: sent [CHAP Success id=0x9b "Access granted"]
Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfReq id=0x1
<compress VJ 0f 01> <addr 10.1.2.1>]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfReq id=0x1 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfNak id=0x1 <addr
10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPV6CP ConfReq id=0x1 <addr
fe80::002a:ac43:6e85:5a1c>]
Jan  4 13:33:29 viammc pppd[15193]: Unsupported protocol 'IPv6 Control
Protovol' (0x8057) received
Jan  4 13:33:29 viammc pppd[15193]: sent [LCP ProtRej id=0x2 80 57 01
01 00 0e 01 0a 00 2a ac 43 6e 85 5a 1c]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfRej id=0x1
<compress VJ 0f 01>]
Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfReq id=0x2 <addr 10.1.2.1>]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfReq id=0x2 <addr
10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
Jan  4 13:33:29 viammc pppd[15193]: sent [IPCP ConfAck id=0x2 <addr
10.1.2.2> <ms-dns1 192.168.1.1> <ms-dns3 192.168.1.3>]
Jan  4 13:33:29 viammc pppd[15193]: rcvd [IPCP ConfAck id=0x2 <addr 10.1.2.1>]
Jan  4 13:33:29 viammc pppd[15193]: Cannot determine ethernet address
for proxy ARP
Jan  4 13:33:29 viammc pppd[15193]: local  IP address 10.1.2.1
Jan  4 13:33:29 viammc pppd[15193]: remote IP address 10.1.2.2
Jan  4 13:33:29 viammc pppd[15193]: Script /etc/ppp/ip-up started (pid 15195)
Jan  4 13:33:29 viammc pppd[15193]: Script /etc/ppp/ip-up finished
(pid 15195), status = 0x0

...and then when I disconnect....

Jan  4 13:34:52 viammc pppd[15193]: rcvd [LCP TermReq id=0x2 "User request"]
Jan  4 13:34:52 viammc pppd[15193]: LCP terminated by peer (User request)
Jan  4 13:34:52 viammc pppd[15193]: Connect time 1.4 minutes.
Jan  4 13:34:52 viammc pppd[15193]: Sent 0 bytes, received 1450 bytes.
Jan  4 13:34:52 viammc pppd[15193]: Script /etc/ppp/ip-down started (pid 15209)
Jan  4 13:34:52 viammc pppd[15193]: sent [LCP TermAck id=0x2]
Jan  4 13:34:52 viammc pppd[15193]: Script /etc/ppp/ip-down finished
(pid 15209), status = 0x0
Jan  4 13:34:52 viammc xl2tpd[13917]: result_code_avp: result code out
of range (768 0 14).  Ignoring.
Jan  4 13:34:52 viammc xl2tpd[13917]: control_finish: Peer tried to
disconnect without specifying result code.
Jan  4 13:34:52 viammc xl2tpd[13917]: network_thread: bad packet
Jan  4 13:34:52 viammc xl2tpd[13917]: result_code_avp: result code out
of range (256 0 14).  Ignoring.
Jan  4 13:34:52 viammc xl2tpd[13917]: control_finish: Peer tried to
disconnect without specifying result code.
Jan  4 13:34:52 viammc xl2tpd[13917]: network_thread: bad packet
Jan  4 13:34:55 viammc pppd[15193]: Connection terminated.
Jan  4 13:34:55 viammc pppd[15193]: Modem hangup
Jan  4 13:34:55 viammc pppd[15193]: Exit.
Jan  4 13:34:55 viammc xl2tpd[13917]: child_handler : pppd exited for
call 1704 with code 16
Jan  4 13:34:55 viammc xl2tpd[13917]: call_close: Call 34785 to
192.168.1.1 disconnected
Jan  4 13:35:00 viammc xl2tpd[13917]: Maximum retries exceeded for
tunnel 61572.  Closing.


....and finally, a failed reconnect....

==> /var/log/auth.log <==
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [RFC 3947] method set to=109
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set
to=110
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
but already using method 110
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
but already using method 110
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 110
Jan  4 13:35:24 viammc pluto[15126]: packet from 192.168.1.1:500:
received Vendor ID payload [Dead Peer Detection]
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
responding to Main Mode from unknown peer 192.168.1.1
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both
are NATed
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
msgid=00000000
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
Main mode peer ID is ID_IPV4_ADDR: '192.168.1.109'
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
new NAT mapping for #3, was 192.168.1.1:500, now 192.168.1.1:4500
Jan  4 13:35:24 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
group=modp1024}

==> /var/log/syslog <==
Jan  4 13:35:25 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.

==> /var/log/auth.log <==
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #3:
the peer proposed: 24.6.221.176/32:17/1701 -> 192.168.1.109/32:17/0
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
responding to Quick Mode proposal {msgid:6d00f490}
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
    us: 192.168.1.200<192.168.1.200>[+S=C]:17/1701
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
  them: 192.168.1.1[192.168.1.109,+S=C]:17/0===192.168.1.109/32
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
keeping refhim=4294901761 during rekey
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
netlink_raw_eroute: WARNING: that_client port 61452 and that_host port
4500 don't match. Using that_client port.
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  4 13:35:25 viammc pluto[15126]: "L2TP-PSK-NAT"[2] 192.168.1.1 #4:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x081c2aa5
<0x86a2d7d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.1.1:4500
DPD=none}

==> /var/log/syslog <==
Jan  4 13:35:27 viammc xl2tpd[13917]: build_fdset: closing down tunnel 61572
Jan  4 13:35:27 viammc xl2tpd[13917]: Terminating pppd: sending TERM
signal to pid 15193
Jan  4 13:35:27 viammc xl2tpd[13917]: Connection 32 closed to
192.168.1.1, port 61452 (Timeout)
Jan  4 13:35:27 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:27 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:27 viammc xl2tpd[13917]: build_fdset: closing down tunnel 18215
Jan  4 13:35:28 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:28 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:28 viammc xl2tpd[13917]: build_fdset: closing down tunnel 44552
Jan  4 13:35:32 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:32 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:32 viammc xl2tpd[13917]: build_fdset: closing down tunnel 2676
Jan  4 13:35:32 viammc xl2tpd[13917]: Maximum retries exceeded for
tunnel 20370.  Closing.
Jan  4 13:35:32 viammc xl2tpd[13917]: Unable to deliver closing
message for tunnel 61572. Destroying anyway.
Jan  4 13:35:36 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:36 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel 35916
Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel 20370
Jan  4 13:35:36 viammc xl2tpd[13917]: Connection 33 closed to
192.168.1.1, port 56429 (Timeout)
Jan  4 13:35:36 viammc xl2tpd[13917]: build_fdset: closing down tunnel 61572
Jan  4 13:35:40 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:40 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:40 viammc xl2tpd[13917]: build_fdset: closing down tunnel 30674
Jan  4 13:35:41 viammc xl2tpd[13917]: Unable to deliver closing
message for tunnel 20370. Destroying anyway.
Jan  4 13:35:44 viammc xl2tpd[13917]: get_call: allocating new tunnel
for host 192.168.1.1, port 56429.
Jan  4 13:35:44 viammc xl2tpd[13917]: control_finish: Peer requested
tunnel 33 twice, ignoring second one.
Jan  4 13:35:44 viammc xl2tpd[13917]: build_fdset: closing down tunnel 64485
Jan  4 13:35:44 viammc xl2tpd[13917]: build_fdset: closing down tunnel 20370


Running "sudo ipsec auto --status |grep template" gives nothing. Any ideas?

Thanks,

-- 
Jai Dhar
FPS-Tech, Santa Clara, CA
Web: http://www.fps-tech.net
Phone: 408-982-7407


More information about the Users mailing list