Have you tried from Mac or Windows? Both of those worked with minimal
configuration for us. It could be your client xl2tpd settings.
Also, if your client is from behind a NAT firewall, it will need to be VPN
aware.
-----Original Message-----
From: Tamas Monos <tam...@veber.co.uk>
Reply-To: "cloudstack-users@incubator.apache.org"
<cloudstack-users@incubator.apache.org>
Date: Saturday, 26 May 2012 3:10 AM
To: "cloudstack-users@incubator.apache.org"
<cloudstack-users@incubator.apache.org>
Subject: RE: VPN with CS 3.0.2
>Hi,
>
>I can get this far on the client side:
>
>May 25 18:01:20.706 Starting xl2tpd: xl2tpd.
>May 25 18:01:20.731 ipsec__plutorun: 002 added connection description
>"cloud"
>May 25 18:01:20.828 104 "cloud" #1: STATE_MAIN_I1: initiate
>May 25 18:01:20.828 003 "cloud" #1: ignoring unknown Vendor ID payload
>[4f45517b4f7f6e657a7b4351]
>May 25 18:01:20.828 003 "cloud" #1: received Vendor ID payload [Dead Peer
>Detection]
>May 25 18:01:20.828 003 "cloud" #1: received Vendor ID payload [RFC 3947]
>method set to=109
>May 25 18:01:20.828 106 "cloud" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>May 25 18:01:20.829 003 "cloud" #1: NAT-Traversal: Result using RFC 3947
>(NAT-Traversal): no NAT detected
>May 25 18:01:20.829 108 "cloud" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>May 25 18:01:20.829 003 "cloud" #1: received Vendor ID payload [CAN-IKEv2]
>May 25 18:01:20.829 004 "cloud" #1: STATE_MAIN_I4: ISAKMP SA established
>{auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
>May 25 18:01:20.829 117 "cloud" #2: STATE_QUICK_I1: initiate
>May 25 18:01:20.829 004 "cloud" #2: STATE_QUICK_I2: sent QI2, IPsec SA
>established transport mode {ESP=>0x6dad627d <0x503f8ead
>xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
>May 25 18:01:20.833 xl2tpd[5252]: Connecting to host 217.168.x.y, port
>1701
>May 25 18:01:25.836 xl2tpd[5252]: Maximum retries exceeded for tunnel
>2545. Closing.
>May 25 18:01:25.837 xl2tpd[5252]: Connection 0 closed to 217.168.x.y,
>port 1701 (Timeout)
>May 25 18:01:30.842 xl2tpd[5252]: Unable to deliver closing message for
>tunnel 2545. Destroying anyway.
>
>On the server side I get:
>
>May 25 17:01:23 r-119-VM xl2tpd[9094]: control_finish: Peer requested
>tunnel 2545 twice, ignoring second one.
>May 25 17:01:23 r-119-VM xl2tpd[9094]: control_finish: Peer requested
>tunnel 2545 twice, ignoring second one.
>May 25 17:01:24 r-119-VM xl2tpd[9094]: control_finish: Peer requested
>tunnel 2545 twice, ignoring second one.
>May 25 17:01:25 r-119-VM xl2tpd[9094]: control_finish: Peer requested
>tunnel 2545 twice, ignoring second one.
>May 25 17:01:26 r-119-VM xl2tpd[9094]: check_control: Received out of
>order control packet on tunnel -1 (got 1, expected 0)
>May 25 17:01:26 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
>May 25 17:01:27 r-119-VM xl2tpd[9094]: check_control: Received out of
>order control packet on tunnel -1 (got 1, expected 0)
>May 25 17:01:27 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
>May 25 17:01:28 r-119-VM xl2tpd[9094]: Maximum retries exceeded for
>tunnel 20224. Closing.
>May 25 17:01:28 r-119-VM xl2tpd[9094]: check_control: Received out of
>order control packet on tunnel -1 (got 1, expected 0)
>May 25 17:01:28 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
>May 25 17:01:28 r-119-VM xl2tpd[9094]: Connection 2545 closed to
>217.168.u.v, port 1701 (Timeout)
>May 25 17:01:29 r-119-VM xl2tpd[9094]: check_control: Received out of
>order control packet on tunnel -1 (got 1, expected 0)
>May 25 17:01:29 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
>May 25 17:01:30 r-119-VM xl2tpd[9094]: check_control: Received out of
>order control packet on tunnel -1 (got 1, expected 0)
>May 25 17:01:30 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
>May 25 17:01:33 r-119-VM xl2tpd[9094]: Unable to deliver closing message
>for tunnel 20224. Destroying anyway.
>
>I suspect a network problem between hosts on port 1701 but I don't see
>any outgoing attempts any directions via tcpdump on port 1701.
>I'll play around a bit more.
>If anyone has any ideas, welcome :)
>
>Regards
>
>Tamas Monos DDI
>+44(0)2034687012
>Chief Technical Office
>+44(0)2034687000
>Veber: The Hosting Specialists Fax +44(0)871 522
>7057
>http://www.veber.co.uk
>
>Follow us on Twitter: www.twitter.com/veberhost
>Follow us on Facebook: www.facebook.com/veberhost
>
>-----Original Message-----
>From: Tamas Monos [mailto:tam...@veber.co.uk]
>Sent: 25 May 2012 12:13
>To: cloudstack-users@incubator.apache.org
>Subject: VPN with CS 3.0.2
>
>Hi,
>
>I have tried a few times with earlier version to setup VPN.
>I can get the tunnel up and see the ESP packets back and forth but I get
>no IP from the virtual router (tunnel endpoint) so I can't send any
>traffic through the tunnel.
>Any suggestions what I'm missing here?
>
>Regards
>
>Tamas Monos DDI
>+44(0)2034687012
>Chief Technical Office
>+44(0)2034687000
>Veber: The Hosting Specialists Fax +44(0)871 522
>7057
>http://www.veber.co.uk<http://www.veber.co.uk/>
>
>Follow us on Twitter:
>www.twitter.com/veberhost<http://www.twitter.com/veberhost>
>Follow us on Facebook:
>www.facebook.com/veberhost<http://www.facebook.com/veberhost>
>
>
>
