[Openswan Users] Error in OPENSWAN with XL2TP

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Jun 2 13:48:07 EDT 2011


I don't see any real errors here.  The message you are seeing when 
starting xl2tpd is more of an informational/warning.  It doesn't require 
kernel L2TP to work.  My guess is that the client is connecting, but 
then closing things down.

The IPsec part is working.  Maybe turn on debugging in 
/etc/xl2tpd/xl2tpd.conf with ppp debug = yes
Then look at /var/log/debug and see if anything sticks out to you.

Willie

On 6/2/2011 2:10 AM, heta shah wrote:
> Hello Sir,
>
> Please help me regarding IPSEC with L2TP. I have configure OPENSWAN with
> L2TP . when I am tring to connect to server from NATed site it showing
> this error on server side.
> My server is Ubuntu 9.10 server edition with kernel  2.6.28-11-server
>
>
>
>
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #14: peer client type is FQDN
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #14: Applying workaround for MS-818043 NAT-T bug
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #14: IDci was FQDN: t\307\251-, using
> NAT_OA=192.168.1.35/32 <http://192.168.1.35/32> as IDci
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #14: the peer proposed: 116.199.169.45/32:17/1701
> <http://116.199.169.45/32:17/1701> -> 192.168.1.35/32:17/0
> <http://192.168.1.35/32:17/0>
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15: responding to Quick Mode proposal {msgid:314343e9}
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15:     us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15:   them: 117.196.10.91[@2k3test.enjay.com
> <http://2k3test.enjay.com>,+S=C]:17/1701===?
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
> expecting QI2
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> 117.196.10.91 #15: STATE_QUICK_R2: IPsec SA established transport mode
> {ESP=>0x8b28bcad <0xa93368e1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35
> NATD=117.196.10.91:4500 <http://117.196.10.91:4500> DPD=none}
> Jun  2 13:34:36 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> 117.196.10.91 #18: received Delete SA(0x8b9e0884) payload: deleting
> IPSEC State #19
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> 117.196.10.91 #18: received and ignored informational message
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> 117.196.10.91 #18: received Delete SA payload: deleting ISAKMP State #18
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> 117.196.10.91 <http://117.196.10.91>: deleting connection "L2TP-PSK-NAT"
> instance with peer 117.196.10.91 {isakmp=#0/ipsec=#0}
> Jun  2 13:34:37 cloud-enjay pluto[2638]: packet from 117.196.10.91:4500
> <http://117.196.10.91:4500>: received and ignored informational message
>
>
> when I am starting the XL2TP service it gives this error.
>
> Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: setsockopt recvref[22]:
> Protocol not available
> Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: This binary does not support
> kernel L2TP.
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: xl2tpd version xl2tpd-1.2.4
> started on cloud-enjay PID:24456
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Written by Mark Spencer,
> Copyright (C) 1998, Adtran, Inc.
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked by Scott Balmos and
> David Stipp, (C) 2001
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Inherited by Jeff McAdams,
> (C) 2002
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked again by Xelerance
> (www.xelerance.com <http://www.xelerance.com>) (C) 2006
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Listening on IP address
> 0.0.0.0, port 1701
>
> Please help me If anyone knows about it.
> --
> Thanks and Regards.
>
> Heta Shah
> 91-9662505876
>
>
>
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list