[Openswan Users] weird l2tp problem

geert geurts geert at verweggistan.eu
Wed Jul 18 18:15:15 EDT 2012


Hi Daniel,

Thanks for your response!
Indeed it can be quite useful when someone explains what he tries to do....
uuugh...
Ok, so I have a VPS server running Ubuntu 10.04.
I've been using openvpn which works perfectly, but I wanted to use ipsec
because it's more secure (not really an issue actually but it just sounds
cool :) and I wanted native support for my android phone.
So my requirements were an ipsec solution with the obvious choice of l2tp
and xl2tpd as it's the main documented option... well, at least as far as my
google skills go...
I need this to work in a roadwarrior setup as I'm using it from my laptop
and from my phone, both switch IPs often...
Ok...
found the problem... it's the firewall of the internet connection at my
friend's place...
He was kind enough to let me stay at his house while he's on vacation, but
now I found out his router is at fault and I'm chasing a ghost... When I
make a connection from my phone with wifi turned off it works! Next step is
going to be hacking his router... ;)

Anyways thanks for your attention...

Regards,

On Wed, Jul 18, 2012 at 11:39 PM, Daniel Cave <dan.cave at me.com> wrote:

> Hi Geert,
>
> Having read your email, it's obvious you're doing as much diagnostic work
> as you can to work out what's happening here. I've not used L2TP over
> IPsec; however, I'm just trying to get a handle on where you're stuck.
>
> Am I right in thinking your L2TP tunnel is failing to establish, so that
> you can run IP between it and set up routing between your local subnets?
>
> I'm guessing that either your configuration at both/one end is not correct
> or you're trying to do something rather unusual. Can you explain to us
> exactly what you're trying to achieve and why/what you're expecting to
> happen?
>
> An ANSI schematic might help of your LHS/RHS and overlay of L2TP and
> routing requirements?
>
> Hope to help
>
> Regards
> Dan
>
>
> On 18 Jul 2012, at 19:47, geert geurts wrote:
>
> > Hi all!
> >
> > ok got a bit further...
> > Below is the output of tcpdump -vv host XX.XX.XX.0 and proto 17 to dump all UDP packets from XX.XX.XX.0 to check if packets actually get in...
> > 20:32:28.881603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120)
> >     85.17.206.174.isakmp > ip0-139-173-82.adsl2.static.versatel.nl.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others ? inf[E]: [encrypted hash]
> > 20:32:58.913884 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 120)
> >     ip0-139-173-82.adsl2.static.versatel.nl.isakmp > 85.17.206.174.isakmp: [no cksum] isakmp 1.0 msgid  cookie ->: phase 2/others ? inf[E]: [encrypted hash]
> >
> > Then I've checked strace of xl2tpd to see how it responds to these packets.
> > Below is the output of strace xl2tpd -D (server-side):
> > execve("/usr/sbin/xl2tpd", ["xl2tpd", "-D"], [/* 18 vars */]) = 0
> > brk(0)                                  = 0x1d23000
> >
> > ...(I left out a lot of messages concerning xl2tpd startup)
> >
> > write(2, "xl2tpd[8571]: Listening on IP ad"..., 63xl2tpd[8571]: Listening on IP address XX.XX.XX.174, port 1701
> > ) = 63
> > select(5, [3 4], NULL, NULL, NULL
> >
> > And it stays there...
> > No output after this, so somehow the packets do end up at the server, but are not picked up by xl2tpd...
> > I'm completely stuck here...
> >
> > Any suggestions are more than welcome!
> >
> > Thanks!
> >
> > Regards,
> > Geert
> >
>
> Regards
>
> Dan.
>
>
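
Added example, not part of the original thread: a small Python triage helper that reads `tcpdump -vv` output shaped like the capture quoted above and counts which UDP stages of an L2TP/IPsec session touched the server: IKE on port 500 (printed as `isakmp`), NAT-T on 4500, and L2TP on 1701, the port xl2tpd reports listening on. The quoted capture shows only `isakmp` lines, which go to the IKE daemon and never to a socket bound to 1701. The sample lines are constructed with documentation addresses, and the function and stage names are assumptions of this example.

```python
import re

# UDP ports of an L2TP/IPsec session, keyed by what tcpdump prints
# (service names from /etc/services, or numbers when run with -n).
STAGES = {
    "isakmp": "ike", "500": "ike",
    "ipsec-nat-t": "nat-t", "4500": "nat-t",
    "l2tp": "l2tp", "l2f": "l2tp", "1701": "l2tp",
}
ORDER = ["ike", "nat-t", "l2tp"]

# Matches "src.port > dst.port:" on a tcpdump address line.
FLOW = re.compile(r"(\S+)\.([\w-]+) > (\S+)\.([\w-]+):")

# Constructed sample in the two-line -vv layout (not the thread's capture).
SAMPLE = """\
20:32:28.881603 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 120)
    198.51.100.7.isakmp > 192.0.2.10.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others ? inf[E]: [encrypted hash]
20:32:58.913884 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 120)
    192.0.2.10.isakmp > 198.51.100.7.isakmp: [no cksum] isakmp 1.0 msgid  cookie ->: phase 2/others ? inf[E]: [encrypted hash]
"""

def stages_seen(capture, server):
    """Count packets per stage and direction relative to `server`.

    `server` must be written exactly as tcpdump prints it (address or name).
    """
    seen = {}
    for line in capture.splitlines():
        m = FLOW.search(line)
        if not m:
            continue  # -vv header lines carry no addresses
        src, sport, dst, dport = m.groups()
        stage = STAGES.get(dport) or STAGES.get(sport)
        if stage is None or server not in (src, dst):
            continue
        direction = "in" if dst == server else "out"
        seen.setdefault(stage, {"in": 0, "out": 0})[direction] += 1
    return seen

def furthest_inbound(seen):
    """Return the last stage in ORDER with inbound packets, or 'none'."""
    reached = [s for s in ORDER if seen.get(s, {}).get("in")]
    return reached[-1] if reached else "none"

if __name__ == "__main__":
    result = stages_seen(SAMPLE, "198.51.100.7")
    print(result, furthest_inbound(result))
```

A result of `ike` with no `nat-t` or `l2tp` counts, as in the sample, means the capture contains key-exchange traffic only, so a daemon waiting in `select()` on port 1701 has nothing to read.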