[Openswan Users] Troubleshooting ipsec/l2tp

klas openswan at k.flum.net
Tue Oct 22 13:46:43 UTC 2013


Yes they are in the same IP-range, but I suppose that I was a bit
unclear. Machine number 2 is never able to connect. It doesn't matter
if machine 1 is connected or not.

Log looks like this:
xl2tpd[18989]: Connecting to host xxx.xxx.xxx.xxx, port 1701
xl2tpd[18989]: control_finish: message type is (null)(0).  Tunnel is 0,
call is 0. 
packet dump: 
HEX: { C8 02 00 65 ... } ASCII:
{    e
xxxx      xelerance.com                } 
xl2tpd[18989]: control_finish: sending SCCRQ 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: Maximum retries exceeded for tunnel 55315. Closing.
packet dump:
HEX: { C8 02 00 ... } ASCII: {    - Timeout} 
xl2tpd[18989]: Connection 0 closed to xxx.xxx.xxx.xxx, port 1701
(Timeout) 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: network_thread: select timeout 
xl2tpd[18989]: Unable to deliver closing message for tunnel 55315.
Destroying anyway.




On Tue, 22 Oct 2013 08:52:56 +1100
Paul Young <paul at arkig.com> wrote:

> It sounds like both clients are within the same IP range. You'll
> probably find that the first machine to connect is ok and the 2nd
> machine will not be able to connect simply because of the IP range.
> 
> If you look in /var/log/secure you should see something about the
> tunnel already being in use (I am paraphrasing) for the 2nd machine's
> connection.
> 
> 
> On 22 October 2013 05:18, klas <openswan at k.flum.net> wrote:
> 
> > I've got two machines in the same LAN. Both have (as far as I can
> > tell) identical configurations for ipsec and xl2tpd. One machine
> > can connect as client to the server, the other one can't.
> > The clients and the server are both behind NAT.
> >
> > ipsec seems to come up fine for both machines, but machine 2 is not
> > able to set up l2tp. It's sending one packet and gets no answer.
> >
> > Any pointers about how to troubleshoot this?
> >
> > Thanks
> > Klas