[Openswan Users] weird l2tp problem

geert geurts geert at verweggistan.eu
Wed Jul 18 10:38:19 EDT 2012


Hi all,

I'm having problems with my VPN.
ipsec section seems to work:
ipsec auto --up IPSECCON
104 "IPSECCON" #18: STATE_MAIN_I1: initiate
003 "IPSECCON" #18: ignoring unknown Vendor ID payload [4f454a4572405c6072657963]
003 "IPSECCON" #18: received Vendor ID payload [Dead Peer Detection]
106 "IPSECCON" #18: STATE_MAIN_I2: sent MI2, expecting MR2
108 "IPSECCON" #18: STATE_MAIN_I3: sent MI3, expecting MR3
003 "IPSECCON" #18: received Vendor ID payload [CAN-IKEv2]
004 "IPSECCON" #18: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
117 "IPSECCON" #19: STATE_QUICK_I1: initiate
004 "IPSECCON" #19: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x3bc11632 <0x674c80ed xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

But then the l2tp tunnel won't get up...
I'm running xl2tpd -D on the client side:
xl2tpd -D
xl2tpd[3159]: setsockopt recvref[22]: Protocol not available
xl2tpd[3159]: This binary does not support kernel L2TP.
xl2tpd[3159]: xl2tpd version xl2tpd-1.2.5 started on geert-K53SD PID:3159
xl2tpd[3159]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[3159]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[3159]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[3159]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[3159]: Listening on IP address 0.0.0.0, port 1701

Then after an echo "c tunnel">/var/run/xl2tpd/l2tp-control
I get the following on the client side:

xl2tpd[3159]: get_call: allocating new tunnel for host XX.XX.XX.174, port 1701.
xl2tpd[3159]: Connecting to host XX.XX.XX.174, port 1701
xl2tpd[3159]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
packet dump:
HEX: { C8 02 00 6C 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00
00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00
80 08 00 00 00 06 06 90 80 11 00 00 00 07 67 65 65 72 74 2D 4B 35 33 53 44
80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09
D3 B3 80 08 00 00 00 0A 00 04 }
ASCII: {    l
geert-K53SD      xelerance.com                }
xl2tpd[3159]: control_finish: sending SCCRQ
xl2tpd[3159]: network_thread: select timeout
xl2tpd[3159]: network_thread: select timeout
xl2tpd[3159]: network_thread: select timeout
xl2tpd[3159]: network_thread: select timeout
xl2tpd[3159]: network_thread: select timeout
xl2tpd[3159]: Maximum retries exceeded for tunnel 54195.  Closing.

On the server side I'm running xl2tpd -D but nothing is shown there...
I've checked the firewall, I'm even able to connect using nc -u SERVERIP
1701, and responses are getting through.
Typing "fddggf" in the nc -u SERVERIP 1701 gives the following in the
xl2tpd -D (server-side):

xl2tpd[5045]: network_thread: recv packet from XX.XX.XX.0, size = 7, tunnel = 26215, call = 2560 ref=0 refhim=0
packet dump:
HEX: { 66 64 64 67 67 66 00 }
ASCII: { fddggf }
xl2tpd[5045]: Can not find tunnel 26215 (refhim=0)
xl2tpd[5045]: network_thread: unable to find call or tunnel to handle packet.  call = 2560, tunnel = 26215 Dumping.


I don't have much experience with openswan, but I'm completely stuck
here... No idea what to try...
It would be great if someone could make a few suggestions.

Oh... come to think of it, xl2tpd version 1.2.7+dfsg-1 on both sides and
openswan server-side: 1:2.6.32~rc3-1xelerance1, openswan client-side:
1:2.6.37-1

Thanks!

Regards,
Geert
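
Added example (not part of the original post, and not xl2tpd code): a small decoder for the client-side hex dump above, reading it as an L2TPv2 control message per RFC 2661, so the SCCRQ fields can be checked against the log lines. The function and dictionary names are this example's own; the byte strings are copied from the two packet dumps in the post.

```python
import struct

# SCCRQ bytes copied from the client-side xl2tpd packet dump in the post.
SCCRQ_HEX = """
C8 02 00 6C 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00
00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00
80 08 00 00 00 06 06 90 80 11 00 00 00 07 67 65 65 72 74 2D 4B 35 33 53 44
80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09
D3 B3 80 08 00 00 00 0A 00 04
"""
# Bytes of the nc probe as shown in the server-side dump (not an L2TP message).
NC_PROBE_HEX = "66 64 64 67 67 66 00"

# IETF AVP attribute types from RFC 2661; the names are this example's own.
AVP_NAMES = {0: "message_type", 2: "protocol_version", 3: "framing_caps",
             4: "bearer_caps", 6: "firmware_revision", 7: "host_name",
             8: "vendor_name", 9: "assigned_tunnel_id", 10: "recv_window"}
TEXT_AVPS = {7, 8}

def parse_l2tp_control(data):
    """Parse an L2TPv2 control header and its unhidden IETF AVPs."""
    if len(data) < 12:
        raise ValueError("shorter than a 12-byte control header")
    flags, length, tunnel, session, ns, nr = struct.unpack("!6H", data[:12])
    # Control messages carry T, L and S bits set and version 2.
    if flags & 0xC800 != 0xC800 or flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 control message (flags=0x%04x)" % flags)
    if length != len(data):
        raise ValueError("length field %d != datagram size %d" % (length, len(data)))
    msg = {"tunnel_id": tunnel, "session_id": session, "ns": ns, "nr": nr, "avps": {}}
    off = 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header at offset %d" % off)
        word, vendor, attr = struct.unpack("!3H", data[off:off + 6])
        avp_len = word & 0x03FF  # low 10 bits; top two bits are M and H
        if avp_len < 6 or off + avp_len > length:
            raise ValueError("bad AVP length at offset %d" % off)
        value = data[off + 6:off + avp_len]
        if vendor == 0 and not word & 0x4000:  # skip vendor-specific and hidden AVPs
            name = AVP_NAMES.get(attr, "attr_%d" % attr)
            msg["avps"][name] = (value.decode("ascii", "replace") if attr in TEXT_AVPS
                                 else int.from_bytes(value, "big"))
        off += avp_len
    return msg

def decode_dump(hex_text):
    """Turn a whitespace-separated hex dump into a parsed control message."""
    return parse_l2tp_control(bytes.fromhex("".join(hex_text.split())))
```

Run on the client dump, this yields message type 1 (SCCRQ) with assigned tunnel ID 54195, the same tunnel number as in the "Maximum retries exceeded" line; the 7-byte nc probe is rejected as too short to be a control message.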