[Openswan Users] weird l2tp problem
dan.cave at me.com
Wed Jul 18 17:39:21 EDT 2012
Having read your email and its obvious you're doing as much diagnostic to work out whats happening here, but I've not used L2tp over ipsec, however I'm just trying to get a handle on where you're stuck.
Am I right in thinking your L2TP tunnel is failing to establish? so that you can run IP between it and setup routing between your local subnets?
I'm guessing that either your configuration at both/one end is not correct or you're trying to do something rather unusual. Can you explain to us exactly what you're trying to achieve and why/what you're expecting to happen
An ansi scematic might help of your LHS/RHS and overlay of L2TP and routing requirements ?
Hope to help
On 18 Jul 2012, at 19:47, geert geurts wrote:
> Hi all!
> ok got a bit further...
> below the output of tcpdump -vv host XX.XX.XX.0 and proto 17 to dump all UDP packet from XX.XX.XX.0 to check if packets actually get in...
> 20:32:28.881603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120)
> 126.96.36.199.isakmp > ip0-139-173-82.adsl2.static.versatel.nl.isakmp: isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]
> 20:32:58.913884 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 120)
> ip0-139-173-82.adsl2.static.versatel.nl.isakmp > 188.8.131.52.isakmp: [no cksum] isakmp 1.0 msgid cookie ->: phase 2/others ? inf[E]: [encrypted hash]
> Then I've check strace of xl2tpd to see how it responds to these packets.
> below the output of strace xltpd -D (server-side):
> execve("/usr/sbin/xl2tpd", ["xl2tpd", "-D"], [/* 18 vars */]) = 0
> brk(0) = 0x1d23000
> ...(I left out allot of messages concerning xl2tpd startup)
> write(2, "xl2tpd: Listening on IP ad"..., 63xl2tpd: Listening on IP address XX.XX.XX.174, port 1701
> ) = 63
> select(5, [3 4], NULL, NULL, NULL
> And it stays there...
> No output after this, so somehow the packets do endup at the server, but are not picked up by xl2tpd...
> I'm completely stuck here...
> Any suggestions are more then welcome!
> Users at lists.openswan.org
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users