[Openswan Users] openswan/xl2tpd failing to create ppp sessions

Paul Wouters paul at nohats.ca
Mon Feb 27 13:17:00 EST 2012


On Sun, 26 Feb 2012, Jonathon Padfield wrote:

> I'm aiming to run a SAref enabled kernel on Ubuntu 11.10 (kernel 3.0.0-16 #28)
>
> I've followed the instructions at
> https://www.openswan.org/projects/openswan/wiki/Building_and_Installing_an_SAref_capable_KLIPS_version_for_DebianUbuntu
> and applied the 0001/0002 patches for 2.6.38 with minor changes.

Do you wish to share your patches to make the SAref patch work on the
3.x kernels?

> I was hoping to stick with a close to stock kernel & repeatable
> process, so am using packages from
> http://ppa.launchpad.net/openswan/openswan-testing/
> (openswan_2.6.37-1xelerance1_i386.deb) and dkms to load the ipsec
> module

> ipsec starts but does issue a warning about "PF_KEY K_SADB_X_PLUMBIF
> response for configure_mast_device" -- no idea what that means.

You can ignore that message.

> Feb 26 09:56:15 localhost ipsec__plutorun: 003 ERROR: PF_KEY
> K_SADB_X_PLUMBIF response for configure_mast_device  included errno
> 17: File exists

and that one.

> Now running xl2tpd in debug mode does give a strange message
> "setsockopt recvref[22]: Protocol not available"

I think that's the error for kernel mode L2TP not being there?, thought
it might be the SAref patch. The number "22" looks like it could be an
older number used. Remember the SAref patch and xl2tpd need to agree on
the socket option number (and we don't have an official one yet)

> Feb 26 10:03:01 localhost pluto[11061]: "L2TP-PSK-NAT"[2] xx.xx.xx.xx
> #1: Applying workaround for Mac OS X NAT-OA bug, ignoring proposed
> subnet

You will need the patch for OSX/android clients from git (not yet in a
full release, will be in openswan 2.6.38)

> Feb 26 10:03:01 localhost pluto[11061]: "L2TP-PSK-NAT"[2] xx.xx.xx.xx
> #1:   a private network virtual IP was required, but the proposed IP
> did not match our list (virtual_private=)

You might need to allow more in virtual_private if you're NATed on an
IP range that is not within RFC1918.

Paul
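
An added example, not part of the original message or of Openswan's code: a small checker for the last point above, showing why a client address is rejected when virtual_private is empty (as in the quoted log) or when the client is NATed on a range outside RFC1918. It assumes the usual "%v4:net/len" and "%v4:!net/len" entry syntax and only approximates pluto's matching; the helper names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not taken from the message above).
RFC1918 = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
SERVER_LAN_EXCLUDED = RFC1918 + ",%v4:!192.168.1.0/24"
WITH_CGNAT = SERVER_LAN_EXCLUDED + ",%v4:100.64.0.0/10"  # RFC 6598 range


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue  # empty setting, like "(virtual_private=)" in the log
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised virtual_private entry: {item!r}")
        negated = net.startswith("!")
        network = ipaddress.ip_network(net.lstrip("!"), strict=False)
        if (family == "%v4") != (network.version == 4):
            raise ValueError(f"address family mismatch in {item!r}")
        (excluded if negated else allowed).append(network)
    return allowed, excluded


def is_acceptable(proposed_ip, value):
    """True if the client's proposed inner IP is inside an allowed network
    and outside every excluded one (assumed approximation of pluto's test)."""
    addr = ipaddress.ip_address(proposed_ip)
    allowed, excluded = parse_virtual_private(value)
    if any(addr in net for net in excluded):
        return False
    return any(addr in net for net in allowed)


if __name__ == "__main__":
    cases = [
        ("192.168.5.20", ""),                   # empty list: nothing matches
        ("192.168.5.20", SERVER_LAN_EXCLUDED),  # ordinary RFC1918 client
        ("192.168.1.7", SERVER_LAN_EXCLUDED),   # collides with excluded LAN
        ("100.72.3.4", SERVER_LAN_EXCLUDED),    # NATed outside RFC1918
        ("100.72.3.4", WITH_CGNAT),             # same client, range added
    ]
    for ip, setting in cases:
        verdict = "accept" if is_acceptable(ip, setting) else "reject"
        print(f"{ip:15} virtual_private={setting or '(empty)'} -> {verdict}")
```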

