Sorry about that -
RH 9 with kernel 2.4.20-8 running OpenSwan 2.1.2.
L2TPD version 0.69
Thanks again Russ
From: Jean-Francois Dive <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: L2tpd connection is never established Date: Mon, 19 Jul 2004 17:30:54 +0200
hi,
Could you tell us which version of l2tpd / distro / kernel you run this setup on ?
Tx.
J.
On Sun, Jul 18, 2004 at 04:33:18PM -0400, Russ Budd wrote:
> After a month or two spent on other things, I've found time to revisit my
> attempt to establish L2TP connections from XP Pro to OpenSwan.
>
> It appears that packets from the gateway running OpenSwan to the XP host
> are not being routed through the tunnel. Host 228 is the XP box and 17 the
> OpenSwan gateway. If I read the tcpdump below correctly, they establish
> the tunnel and 228 sends an ESP packet which contains the L2TP request. 17
> responds in the clear from port 1024. The XP host eventually times out.
>
> I'm wondering if using port 1024 could be part of the problem since the
> Swan conf file specifies 1701 for both left and right port? Wouldn't that
> mean that only those ports are routed through the tunnel?
>
> I'd appreciate any thoughts on where I'm going wrong.
>
> Thanks in advance
> Russ
>
> Swan conf file:
>
> conn piran-mn
> type=tunnel
> left=204.27.178.17
> leftnexthop=204.27.178.18
> leftprotoport=17/1701
> rightprotoport=17/1701
> right=204.27.178.228
> auth=esp
> authby=secret
> pfs=no
> compress=no
> auto=ignore
>
> tcpdump:
>
> 15:08:39.604895 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1
> R ident: [|sa] (DF)
> 15:08:39.691004 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 1
> I ident: [|ke]
> 15:08:39.936911 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1
> R ident: [|sa] (DF)
> 15:08:40.175431 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1
> R ident: [|ke] (DF)
> 15:08:40.206733 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 1
> I ident[E]: [encrypted id]
> 15:08:40.332690 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1
> R ident[E]: [encrypted id] (DF)
> 15:08:40.340624 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase
> 2/others I oakley-quick[E]: [encrypted hash]
> 15:08:41.037460 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase
> 2/others R oakley-quick[E]: [encrypted hash] (DF)
> 15:08:41.041029 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase
> 2/others I oakley-quick[E]: [encrypted hash]
> 15:08:41.042126 Restricted228. > Restricted17.: ESP(spi=0x44998367,seq=0x1)
> 15:08:41.147157 Restricted17.1024 > Restricted228.l2tp:
> l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
> *BEARER_CAP() |... (DF)
> 15:08:42.038569 Restricted228. > Restricted17.: ESP(spi=0x44998367,seq=0x2)
> 15:08:42.039824 Restricted17.1024 > Restricted228.l2tp:
> l2tp:[TLS](9/0)Ns=0,Nr=1 ZLB (DF)
> 15:08:42.149538 Restricted17.1024 > Restricted228.l2tp:
> l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
> *BEARER_CAP() |... (DF)
> 15:08:43.149553 Restricted17.1024 > Restricted228.l2tp:
> l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
> *BEARER_CAP() |... (DF)
>
> Pluto version:
> Linux FreeS/WAN 2.1.2 X.509-1.4.8 PLUTO_USES_KEYRR
>
> _________________________________________________________________
> Don?t just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
-- --
-> Jean-Francois Dive --> [EMAIL PROTECTED]
I think that God in creating Man somewhat overestimated his ability. -- Oscar Wilde
_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
