Old 02-01-2013, 09:56 AM   #1
Registered: Jan 2004
Posts: 449

Rep: Reputation: 30
l2tp and openswan tunnel problem?

For weeks I have wanted to set up my Debian wheezy box as an L2TP client to connect to my VPN server with xl2tpd and openswan. The external interface of my Linux system is ppp0 with a dynamic IP address, and the internal interface is eth0; its IP address is

This is my ipsec.conf:
version 2.0
config setup

conn L2tp-Client

The "ipsec auto --up L2tp-Client" command shows the connection established:
listening for IKE messages
adding interface ppp0/ppp0
adding interface ppp0/ppp0
adding interface eth0/eth0
adding interface eth0/eth0
adding interface lo/lo
adding interface lo/lo
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
"L2tp-Client" #1: initiating Main Mode
"L2tp-Client" #1: ignoring unknown Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb]

"L2tp-Client" #1: received Vendor ID payload [Dead Peer Detection]
"L2tp-Client" #1: received Vendor ID payload [RFC 3947] method set to=109
"L2tp-Client" #1: enabling possible NAT-traversal with method 4
"L2tp-Client" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2tp-Client" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2tp-Client" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2tp-Client" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"L2tp-Client" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"L2tp-Client" #1: Main mode peer ID is ID_IPV4_ADDR: ''
"L2tp-Client" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"L2tp-Client" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
"L2tp-Client" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:817a4a6b proposal=defaults pfsgroup=no-pfs}
"L2tp-Client" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"L2tp-Client" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xc27caac2 <0x03c95196 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
and this is the routing table:
# ip route show
default dev ppp0 scope link
via dev ppp0 src
dev ppp0 proto kernel scope link src
dev eth0 proto kernel scope link src
is my VPN server IP address and is my ISP IP address, but I think the traffic didn't go through this tunnel. This is the tcpdump output:
#tcpdump -i ppp0

19:50:03.628622 IP mypc.50912 > Flags [.], ack 135116, win 259, length 0
19:50:03.654674 IP > mypc.51413: UDP, length 103
19:50:03.655292 IP mypc.3419 > 31095+ PTR? (43)
19:50:03.956620 IP > mypc.50914: Flags [.], seq 144460:145846, ack 1635, win 65535, length 1386
19:50:04.208670 IP mypc.50914 > Flags [.], ack 145846, win 259, length 0
19:50:04.232589 IP > mypc.50914: Flags [.], seq 145846:147232, ack 1635, win 65535, length 1386
19:50:04.446509 IP > mypc.50914: Flags [.], seq 147232:148246, ack 1635, win 65535, length 1014
19:50:04.446895 IP mypc.50914 > Flags [.], ack 148246, win 259, length 0
19:50:04.735465 IP > mypc.50914: Flags [.], seq 148246:149632, ack 1635, win 65535, length 1386
19:50:04.814437 IP > mypc.50914: Flags [.], seq 149632:150014, ack 1635, win 65535, length 382
19:50:04.815738 IP mypc.50914 > Flags [.], ack 150014, win 259, length 0
19:50:06.131215 IP > mypc.19745: 20394 0/0/0 (25)
19:50:06.278986 IP mypc.30523 > 63097+ AAAA? shamsme. (25)
19:50:06.423183 IP > mypc.50912: Flags [.], seq 135116:136502, ack 2730, win 65535, length 1386
19:50:06.637187 IP > mypc.50912: Flags [.], seq 136502:137562, ack 2730, win 65535, length 1060
19:50:06.637717 IP mypc.50912 > Flags [.], ack 137562, win 259, length 0
19:50:06.659136 IP > mypc.42546: Flags [R.], seq 0, ack 1347820094, win 0, length 0
19:50:06.949136 IP > mypc.50912: Flags [.], seq 137562:138948, ack 2730, win 65535, length 1386
19:50:07.089100 IP > mypc.50912: Flags [.], seq 138948:139651, ack 2730, win 65535, length 703
19:50:08.273203 IP mypc.44279 > 41557+ PTR? (44)
19:50:08.302491 IP CPE-121-218-160-31.lnse4
Please help me: where am I wrong?
Old 02-01-2013, 07:04 PM   #2
Registered: Jan 2004
Posts: 449

Original Poster
Rep: Reputation: 30
Please help to solve the problem. To my knowledge, what I noticed is that the problem is my dynamic IP, because when I use "%defaultroute" for the left there is no IP assigned to the defaultroute (as shown above in the route it is ""), so ipsec fails and complains there is no valid IP for the defaultroute. But when I use my eth0 interface IP address, ipsec establishes the tunnel between " via dev ppp0 src", but the internet traffic goes through my external interface, which is ppp0, not eth0, so the traffic didn't use the L2TP tunnel.
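Added example, not part of the original thread: a Python check that reads the pluto lines quoted in the first post, extracts the negotiated parameters, and counts how many packets in a tcpdump capture are ESP for the negotiated SPIs. The log reports `transport mode`, and a transport-mode SA protects only packets between the two IKE endpoints, so unrelated traffic on ppp0 is expected to appear in cleartext. The capture lines, their addresses and the function names are constructed for this example.

```python
import re

# Three lines copied from the pluto output in the first post.
PLUTO_LOG = '''\
"L2tp-Client" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
"L2tp-Client" #2: initiating Quick Mode PSK+ENCRYPT+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:817a4a6b proposal=defaults pfsgroup=no-pfs}
"L2tp-Client" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xc27caac2 <0x03c95196 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
'''
# Constructed tcpdump-style lines; addresses are documentation placeholders.
CAPTURE = '''\
19:50:03.100000 IP 192.0.2.10 > 198.51.100.7: ESP(spi=0xc27caac2,seq=0x1), length 132
19:50:03.628622 IP 192.0.2.10.50912 > 203.0.113.5.80: Flags [.], ack 135116, win 259, length 0
'''

def summarize_pluto(log):
    """Extract the negotiated IKE/IPsec parameters from pluto output."""
    out = {"isakmp": False, "ipsec": False}
    for line in log.splitlines():
        m = re.search(r"ISAKMP SA established \{(.*?)\}", line)
        if m:  # phase 1: auth method, cipher, PRF, DH group
            out["isakmp"] = True
            out.update(kv.split("=", 1) for kv in m.group(1).split())
        m = re.search(r"pfsgroup=(\S+?)\}", line)
        if m:  # phase 2 proposal: whether PFS was requested
            out["pfs"] = m.group(1)
        m = re.search(r"IPsec SA established (\w+) mode "
                      r"\{ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)", line)
        if m:  # phase 2 result: mode plus outbound/inbound SPI
            out["ipsec"] = True
            out["mode"], out["spi_out"], out["spi_in"] = m.groups()
    return out

def esp_share(capture, spis):
    """Return (ESP packets matching a negotiated SPI, total packets)."""
    lines = [l for l in capture.splitlines() if l.strip()]
    esp = [l for l in lines
           if (m := re.search(r"ESP\(spi=(0x[0-9a-f]+)", l))
           and int(m.group(1), 16) in spis]
    return len(esp), len(lines)

if __name__ == "__main__":
    sa = summarize_pluto(PLUTO_LOG)
    spis = {int(sa["spi_out"], 16), int(sa["spi_in"], 16)}
    print(sa)
    print("ESP packets / total: %d / %d" % esp_share(CAPTURE, spis))
```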
Old 06-26-2013, 07:26 AM   #3
LQ Newbie
Registered: Mar 2011
Distribution: Fedora, Ubuntu
Posts: 16

Rep: Reputation: 0
I have a step-by-step L2TP + OpenSwan example (it's for EC2, but with very little modification you can make this work anywhere).
Here is the link: "L2TP OpenSwan How To"

