[Openswan Users] OpenSwan/xl2tpd stalls for 2s mid-connection

Giles dev.first at digitalchild.co.uk
Thu Apr 12 06:04:10 EDT 2012


Hi,

Just as a follow-up to this:

With Paul's help we tracked down the likely culprit. It seems that xl2tpd is
trying to communicate across the IPSec tunnel before the SA is
established in both directions. As such the first packet(s) do not get
through and xl2tpd stalls. Unfortunately, it blocks while it's waiting,
leading to the problem I noticed.

Paul did suggest I could add KLIPS support to my Debian kernel (KLIPS will
cache packets sent before the SA is fully established) but that is deviating
a bit too far off the mainstream for my application. My knowledge of Linux
doesn't extend quite that far and I don't have time right now to learn.

I've worked around it by ditching the L2TP part of my VPN setup. IPSec is
quite capable, I now realise, of establishing routes between subnets so a
"pure IPSec" VPN seems to work very well for me. It's faster (1.5ms ping
round-trip across my LAN compared to 6 to 10ms with the L2TP tunnel). I
started out down the L2TP route more by accident, probably because that's
generally what Windows clients use and so there's a lot of talk about it
online. People doing IPSec VPNs seem to use Cisco a lot of the time so I had
foolishly disregarded this.

So, thanks to the mailing list for your help!

Giles.
