[Openswan Users] L2TP problem with OpenSWAN 2.6.x after changing default route

Nels Lindquist nlindq at maei.ca
Wed Jul 13 17:07:17 EDT 2011 

On 2011/07/13 8:44 AM, Paul Wouters wrote:
> On Tue, 12 Jul 2011, Nels Lindquist wrote:
> 
>> interfaces, and OpenSWAN is configured to use one of them.  For
>> operational reasons we sometimes switch the default route from the
>> primary interface (used for IPSEC) to the secondary interface.  When
>> using OpenSWAN 2.4.x, there are no issues; all tunnels continue to
>> operate normally and any new connections, L2TP or otherwise, are
>> initiated and function normally.
>>
>> I tried upgrading to 2.6.x (most recently tried 2.6.33 and 2.6.34),
>> which generally works the same way *except* that any new L2TP
>> connections attempted while the default route is not the interface used
>> for IPSEC, the L2TP tunnel fails.  (The IPSEC transport mode connection
>> is still created properly).  L2TP connections work perfectly well as
>> long as the default route is the same as "left".
> 
> I dont understand who 2.4 and 2.6 with netkey are different ?

With 2.4, I can successfully initiate new L2TP connections to the
gateway regardless of how the default route is set.  With 2.6, new L2TP
connections are only successful if the default route on the gateway is
the same as the interface used for IPSEC.

>> I'm still using xl2tpd version 1.1.2 as the gateway in question is
>> CentOS 4 and the kernel isn't new enough to build the xl2tpd 1.2.x
>> series.
> 
> There is no kernel issue if you are not trying to get the CONFIG_OL2TP
> stuff
> in the kernel (which we currently don't support anyway)

I'm trying to build an RPM, and the included specfile has a
"BuildRequires: kernel-headers => 2.6.23".  I've now removed that for
testing.

It appears my ultimate xl2tpd build issue is the libpcap requirement,
however.  Despite having libpcap installed (and there's no separate
devel package--headers, etc. are included) I receive the following error
during compilation:

---
contrib/pfc.c: In function `main':
contrib/pfc.c:45: error: `DLT_PPP_PPPD' undeclared (first use in this
function)
contrib/pfc.c:45: error: (Each undeclared identifier is reported only once
contrib/pfc.c:45: error: for each function it appears in.)
make: *** [pfc] Error 1
---

There appears to be no newer version of libpcap available from my
distro, and the version I've got (0.8.3) doesn't define DLT_PPP_PPPD
according to the man(3) page.

Nels Lindquist

More information about the Users mailing list