Hi,
I'm trying to set up L2TP over ipsec following Jacco's excellent instructions.
Unfortunately, I seem to be having trouble getting the L2TP part to work.


I'm running openswan 2.1.2 on RH 9. I have downloaded the l2tpd-0.69 rpm from Jacco's site.
I am running Windows XP with what I believe to be the latest updates.


Taking baby steps, I have a test bed subnet with the two machines. I'm using PSK to start
and NAT is not involved.


The ipsec tunnel is established between the two machines, but I get
an "Error 678 The remote computer did not respond" at the PC.

I'm sure I'm missing something obvious. Any ideas would be greatly appreciated.

Russ

========================
l2tpd output

l2tpd -D
This binary does not support kernel L2TP.
l2tpd version 0.69 started on piran PID:8283
Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Forked by Scott Balmos and David Stipp, (C) 2001
Inhereted by Jeff McAdams, (C) 2002
Linux version 2.4.20-8custom on a i686, listening on IP address 0.0.0.0, port 1701
ourtid = 55301, entropy_buf = d805
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 55301, call 0
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
ourtid = 33377, entropy_buf = 8261
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 33377, call 0
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
control_finish: Peer requested tunnel 6 twice, ignoring second one.
ourtid = 8818, entropy_buf = 2272
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 8818, call 0
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
control_finish: Peer requested tunnel 6 twice, ignoring second one.
control_xmit: Maximum retries exceeded for tunnel 55301. Closing.
call_close : Connection 6 closed to 204.27.178.30, port 1701 (Timeout)
ourtid = 31998, entropy_buf = 7cfe
ourcid = 44132, entropy_buf = ac64
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 31998, call 44132
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
control_finish: Peer requested tunnel 6 twice, ignoring second one.
control_xmit: Unable to deliver closing message for tunnel 55301. Destroying anyway.
ourtid = 21481, entropy_buf = 53e9
ourcid = 22990, entropy_buf = 59ce
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 21481, call 22990
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
control_xmit: Maximum retries exceeded for tunnel 21481. Closing.
call_close : Connection 6 closed to 204.27.178.30, port 1701 (Timeout)
ourtid = 56164, entropy_buf = db64
ourcid = 23970, entropy_buf = 5da2
check_control: control, cid = 0, Ns = 0, Nr = 0
handle_avps: handling avp's for tunnel 56164, call 23970
message_type_avp: message type 1 (Start-Control-Connection-Request)
protocol_version_avp: peer is using version 1, revision 0.
framing_caps_avp: supported peer frames: sync
bearer_caps_avp: supported peer bearers:
firmware_rev_avp: peer reports firmware version 1280 (0x0500)
hostname_avp: peer reports hostname 'RussLapTop'
vendor_avp: peer reports vendor 'Microsoft€'
assigned_tunnel_avp: using peer's tunnel 6
receive_window_size_avp: peer wants RWS of 8. Will use flow control.
control_finish: Peer requested tunnel 6 twice, ignoring second one.
control_xmit: Unable to deliver closing message for tunnel 21481. Destroying anyway.
death_handler: Fatal signal 2 received


========================
tcpdump of ipsec0


10:18:28.299939 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 1 ? ident: [|sa] (DF)
10:18:28.580115 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 1 ? ident: [|ke] (DF)
10:18:28.781573 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 1 ? ident[E]: [encrypted id] (DF)
10:18:30.011383 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 2/others ? oakley-quick[E]: [encrypted hash] (DF)
10:18:30.016184 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:30.066912 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:31.016247 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:31.017355 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 ZLB (DF)
10:18:31.072029 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:32.072093 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:33.019020 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:33.020078 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 ZLB (DF)
10:18:33.072125 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:34.072165 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:35.082188 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55301) *RESULT_CODE(1/0 Timeout) (DF)
10:18:36.092039 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55301) *RESULT_CODE(1/0 Timeout) (DF)
10:18:37.024587 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:37.025618 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 ZLB (DF)
10:18:37.092039 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55301) *RESULT_CODE(1/0 Timeout) (DF)
10:18:38.092052 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55301) *RESULT_CODE(1/0 Timeout) (DF)
10:18:39.092097 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(55301) *RESULT_CODE(1/0 Timeout) (DF)
10:18:45.025698 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:45.026871 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:46.032038 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:47.032032 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:48.032045 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:49.032066 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
10:18:50.032417 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(21481) *RESULT_CODE(1/0 Timeout) (DF)
10:18:51.042041 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(21481) *RESULT_CODE(1/0 Timeout) (DF)
10:18:52.042034 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(21481) *RESULT_CODE(1/0 Timeout) (DF)
10:18:53.042046 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(21481) *RESULT_CODE(1/0 Timeout) (DF)
10:18:54.042084 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *ASSND_TUN_ID(21481) *RESULT_CODE(1/0 Timeout) (DF)
10:18:55.029592 Restricted30.HBCS.Org.l2tp > Restricted17.HBCS.Org.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
10:18:55.030679 Restricted17.HBCS.Org.1024 > Restricted30.HBCS.Org.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 ZLB (DF)
10:19:05.175354 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 2/others ? inf[E]: [encrypted hash] (DF)
10:19:05.802884 Restricted17.HBCS.Org.isakmp > Restricted30.HBCS.Org.isakmp: isakmp: phase 2/others ? inf[E]: [encrypted hash] (DF)



============================== l2tpd.conf

[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 206.181.252.108-206.181.252.109
local ip = 206.181.252.110
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
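
Added example, not part of the original post: a small Python parser for tcpdump's L2TP text output that counts control messages per sender, reports whether the SCCRQ/SCCRP/SCCCN exchange ever completes, and flags replies whose source port is not the port the SCCRQ was addressed to. The sample lines are constructed in the format of the capture above, with placeholder hostnames.

```python
import re
from collections import Counter

# Constructed sample in the same tcpdump text format as the capture above
# (placeholder hostnames; "l2tp" is tcpdump's service name for UDP 1701).
SAMPLE = """\
10:18:30.016184 client.example.l2tp > server.example.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) |...
10:18:30.066912 server.example.1024 > client.example.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) |... (DF)
10:18:31.016247 client.example.l2tp > server.example.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) |...
10:18:31.017355 server.example.1024 > client.example.l2tp: l2tp:[TLS](6/0)Ns=0,Nr=1 ZLB (DF)
10:18:35.082188 server.example.1024 > client.example.l2tp: l2tp:[TLS](6/0)Ns=1,Nr=1 *MSGTYPE(StopCCN) *RESULT_CODE(1/0 Timeout) (DF)
"""

LINE = re.compile(
    r"^\S+ (?P<src>\S+)\.(?P<sport>[\w-]+) > (?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"l2tp:\[\w*\]\((?P<tid>\d+)/(?P<cid>\d+)\)Ns=\d+,Nr=\d+ "
    r"(?:\*MSGTYPE\((?P<msg>\w+)\)|(?P<zlb>ZLB))")

def port(name):
    """Map tcpdump's port field to a number; unknown service names become -1."""
    if name.isdigit():
        return int(name)
    return 1701 if name == "l2tp" else -1

def parse(text):
    """Yield (src, sport, dst, dport, msgtype) for each L2TP control line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield (m["src"], port(m["sport"]), m["dst"], port(m["dport"]),
                   m["msg"] or "ZLB")

def analyse(text):
    """Summarise the control handshake and flag replies from an unexpected port."""
    pkts = list(parse(text))
    counts = Counter((src, msg) for src, _, _, _, msg in pkts)
    # Each SCCRQ is addressed to (host, port); replies are expected from there.
    listeners = {(dst, dport) for _, _, dst, dport, msg in pkts if msg == "SCCRQ"}
    hosts = {h for h, _ in listeners}
    mismatched = sorted({(src, sport) for src, sport, _, _, _ in pkts
                         if src in hosts and (src, sport) not in listeners})
    # The tunnel is only up once the initiator answers SCCRP with SCCCN.
    completed = any(msg == "SCCCN" for *_, msg in pkts)
    return counts, mismatched, completed

if __name__ == "__main__":
    counts, mismatched, completed = analyse(SAMPLE)
    print(dict(counts), mismatched, "completed" if completed else "never completed")
```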
