04-02-2013, 05:10 PM   #1
slokie
Distribution: CentOS 5.9
L2TP Connection Failure


Help,
I'm trying to open an l2tp connection and it doesn't connect. I'm lost as to why this is failing so badly - any help anyone can provide?

xl2tpd -D

[root@ ~]# xl2tpd -D
xl2tpd[11273]: setsockopt recvref[30]: Protocol not available
xl2tpd[11273]: This binary does not support kernel L2TP.
xl2tpd[11273]: xl2tpd version xl2tpd-1.3.1 started on vpn02 PID:11273
xl2tpd[11273]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[11273]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[11273]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[11273]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[11273]: Listening on IP address 64.211.xxx.xxx, port 1701

secure.log
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [RFC 3947] method set to=109
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Apr 1 15:11:20 l2tp pluto[2207]: packet from 64.211.xxx.rec:18935: received Vendor ID payload [Dead Peer Detection]
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: responding to Main Mode from unknown peer 64.211.xxx.rec
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: Main mode peer ID is ID_IPV4_ADDR: '10.69.18.91'
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[13] 64.211.xxx.rec #13: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: deleting connection "L2TP-PSK-NAT" instance with peer 64.211.xxx.rec {isakmp=#0/ipsec=#0}
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: new NAT mapping for #13, was 64.211.xxx.rec:18935, now 64.211.xxx.rec:64113
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: the peer proposed: 64.211.xxx.xxx/32:17/1701 -> 10.69.18.91/32:17/0
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: responding to Quick Mode proposal {msgid:c8030e82}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: us: 64.211.xxx.xxx<64.211.xxx.xxx>[+S=C]:17/1701
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: them: 64.211.xxx.rec[10.69.18.91,+S=C]:17/58382===10.69.18.91/32
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0145a385 <0x958cc9d9 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=64.211.xxx.rec:64113 DPD=none}
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA(0x0145a385) payload: deleting IPSEC State #14
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received and ignored informational message
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA payload: deleting ISAKMP State #13
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec: deleting connection "L2TP-PSK-NAT" instance with peer 64.211.xxx.rec {isakmp=#0/ipsec=#0}
Apr 1 15:11:41 l2tp pluto[2207]: packet from 64.211.xxx.rec:64113: received and ignored informational message



ppp.log
Mon Apr 1 15:40:18 2013 : L2TP connecting to server '64.211.xxx.xxx' (64.211.xxx.xxx)...
Mon Apr 1 15:40:18 2013 : IPSec connection started
Mon Apr 1 15:40:18 2013 : IPSec phase 1 client started
Mon Apr 1 15:40:18 2013 : IPSec phase 1 server replied
Mon Apr 1 15:40:19 2013 : IPSec phase 2 started
Mon Apr 1 15:40:19 2013 : IPSec phase 2 established
Mon Apr 1 15:40:19 2013 : IPSec connection established
Mon Apr 1 15:40:19 2013 : L2TP sent SCCRQ
Mon Apr 1 15:40:39 2013 : L2TP cannot connect to the server


ipsec.conf

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    dumpdir=/var/run/pluto/
    #in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
    nat_traversal=yes
    #whether to accept/offer to support NAT (NAPT, also known as "IP Masquerade") workaround for IPsec
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    #contains the networks that are allowed as subnet= for the remote client. In other words, the address
    #ranges that may live behind a NAT router through which a client connects.
    protostack=netkey
    #decide which protocol stack is going to be used.
    oe=off
    #Disable Opportunistic Encryption.

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    #shared secret. Use rsasig for certificates.
    pfs=no
    #Disable pfs
    auto=add
    #load the connection at startup and wait for the peer to initiate
    keyingtries=8
    #Only negotiate a conn. 8 times.
    ikelifetime=8h
    keylife=1h
    type=transport
    #because we use l2tp as tunnel protocol
    left=64.211.xxx.xxx
    #fill in server IP above
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
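
One way to read the two log excerpts together, as an added example that is not part of the original post: it measures how long each SA in secure.log stayed up before the peer's Delete, and how long the client in ppp.log waited after sending SCCRQ. The function names are hypothetical, the year is an assumption because syslog lines omit it, and the two excerpts come from different attempts (15:11 and 15:40).

```python
import re
from datetime import datetime

# Lines copied from the secure.log and ppp.log excerpts in the post above.
PLUTO_LOG = """\
Apr 1 15:11:20 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 1 15:11:21 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0145a385 <0x958cc9d9 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=64.211.xxx.rec:64113 DPD=none}
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA(0x0145a385) payload: deleting IPSEC State #14
Apr 1 15:11:41 l2tp pluto[2207]: "L2TP-PSK-NAT"[14] 64.211.xxx.rec #13: received Delete SA payload: deleting ISAKMP State #13
"""
PPP_LOG = """\
Mon Apr 1 15:40:19 2013 : IPSec connection established
Mon Apr 1 15:40:19 2013 : L2TP sent SCCRQ
Mon Apr 1 15:40:39 2013 : L2TP cannot connect to the server
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8}) .*? #(\d+): (.*)$")
UP = re.compile(r"(ISAKMP|IPsec) SA established")
DOWN = re.compile(r"received Delete SA.*deleting (?:ISAKMP|IPSEC) State #(\d+)")

def sa_lifetimes(text, year=2013):
    """Return (kind, state_no, seconds_alive) for each SA the peer deleted."""
    up, closed = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog omits the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        state, msg = m.group(2), m.group(3)
        if (e := UP.search(msg)):
            up[state] = (e.group(1).upper(), ts)
        elif (d := DOWN.search(msg)) and d.group(1) in up:
            kind, start = up.pop(d.group(1))
            closed.append((kind, d.group(1), int((ts - start).total_seconds())))
    return closed

def sccrq_wait(text):
    """Seconds the client waited between sending SCCRQ and giving up."""
    stamps = {}
    for line in text.splitlines():
        when, _, msg = line.partition(" : ")
        stamps[msg] = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
    delta = stamps["L2TP cannot connect to the server"] - stamps["L2TP sent SCCRQ"]
    return int(delta.total_seconds())

if __name__ == "__main__":
    print(sa_lifetimes(PLUTO_LOG))  # SAs the peer deleted, with seconds alive
    print(sccrq_wait(PPP_LOG))      # client-side wait after SCCRQ
```

Both intervals come out at about 20 seconds, which places the failure after IPsec is up, at the L2TP control exchange on UDP port 1701.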
 
05-03-2013, 06:54 PM   #2
angryfirelord
I'm not familiar with l2tp, but I did find a setup guide for it: http://www.linuxhelp.in/2011/06/inst...-l2tp-vpn.html

It might be worth comparing his configuration with yours and seeing if there's anything different.
Tags
centos5, l2tp, openswan, xl2tpd