[Openswan Users] Tunnels does not come up

Philipp Hoffmann phoffmann10 at icloud.com
Sat Jan 11 14:56:57 EST 2014


Hello,

our ADSL customers tries to connect to our l2tp server:

—
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: handle_avps:  don't know how to handle atribute 110.
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: control_finish: Peer requested tunnel 56988 twice, ignoring second one.
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: handle_avps:  don't know how to handle atribute 105.
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: control_finish: Connection closed to <IP of Cisco router>, port 1701 (Tunnel auth failed for ipsec01), Local: 51333, Remote: 56988
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: Can not find tunnel 51333 (refhim=0)
Jan 11 20:47:56 ipsec01 xl2tpd[3203]: network_thread: unable to find call or tunnel to handle packet.  call = 0, tunnel = 51333 Dumping.
—

It seems, that the tunnels does not come up.

Trace on Cisco LAC:

—
Jan 11 16:58:57.975 CET: VPDN failure cause: received Result 2, Error 6,
existing Authentication failed
Jan 11 16:58:59.335 CET: VPDN CALL [uid:876]: Requesting connection
Jan 11 16:58:59.335 CET: VPDN CALL [uid:876]: Call request sent
Jan 11 16:58:59.335 CET: VPDN MGR [uid:876]: Initiating compulsory
connection to <ip>
Jan 11 16:59:01.355 CET: VPDN MGR [uid:876]: Fail to forward
<user>
Jan 11 16:59:01.355 CET: VPDN MGR [uid:876]: accounting stop sent
Jan 11 16:59:01.355 CET: VPDN CALL [uid:876]: Connection failed
Jan 11 16:59:01.355 CET: VPDN CALL [uid:876]: Free request
--

For reference:

xl2tpd.conf:

—
[global]
ipsec saref = yes
listen-addr = 217.69.89.90

[lns default]
ip range = <range>
local ip = <local ip>
require authentication = yes
require chap = yes
require pap = no
refuse authentication = no
refuse chap = no
refuse pap = yes
name = ipsec01
ppp debug = yes
length bit = yes
pppoptfile = /etc/ppp/options.xl2tpd
—

l2tp-secrets:

—
# Secrets for authenticating l2tp tunnels
# us    them    secret
# *             marko blah2
# zeus          marko   blah
# *     *       interop
*       *       <secret>
--

options.xl2tpd:

—
ipcp-accept-local
ipcp-accept-remote
ms-dns <ns01>
ms-dns <ns02>
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
plugin radius.so
—

Has anyone a hint how to fix this?

Best Regards
Philipp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140111/9e0cf306/attachment.html>


More information about the Users mailing list