[Openswan Users] Openswan pluto causes connection drop after 10s with Android IPsec/L2TP clients
Paul Wouters
paul at xelerance.com
Fri Sep 2 09:48:40 EDT 2011
On Fri, 2 Sep 2011, Rene Mayrhofer wrote:
>> Also, %any causes instantiation. I am not sure if 0 causes that.
>
> Tried with %any instead of 0, with the same outcome. Connection is established, but terminated again after 10s.
Strange.
> I still think that these messages might be an indication of something going wrong on the openswan pluto side:
>
> Sep 2 10:39:08 sesame-test-client pluto[4450]: "l2tpCertRoadwarriors"[2] 193.170.124.198 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Sep 2 10:39:19 sesame-test-client pluto[4450]: "l2tpCertRoadwarriors"[2] 193.170.124.198 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Sep 2 10:39:28 sesame-test-client pluto[4450]: "l2tpCertRoadwarriors"[2] 193.170.124.198 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
>
> strongswan pluto does not produce these, and consequently established the IPsec connection significantly faster (ca. 2s vs. ca. 10s for openswan pluto before the L2TP connection starts).
Can you mail me a plutodebug=all log (offlist)
Can you tell me the version of openswan and what patches are applied against it?
> I haven't managed to start racoon in debugging mode so far, as it is started automatically be the framework when a connection is established and then terminated again. I don't seem to have control over that even in a root shell (at least, I haven't dug deep enough yet to find out how to, but that might be very complicated considering the current state of documented-ness of the Android VPN client....).
Can you try to connect to this server:
aivd.xelerance.com
user: test
passwd: test
PSK: test
Paul
More information about the Users
mailing list