OK, when you have the problem (packet sourced by l2tpd seems to have src port set to 1024 as you say), could you run netstat -anp and check it out? And ls -lisa /proc/$l2tpd-pids/fd could help too.
J.

On Mon, Jul 19, 2004 at 03:14:41PM -0400, Russ Budd wrote:
> Sorry about that -
>
> RH 9 with kernel 2.4.20-8 running OpenSwan 2.1.2.
>
> L2TPD version 0.69
>
> Thanks again
> Russ
>
> >From: Jean-Francois Dive <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: L2tpd connection is never established
> >Date: Mon, 19 Jul 2004 17:30:54 +0200
> >
> >hi,
> >
> >Could you tell us which version of l2tpd / distro / kernel you run this
> >setup on?
> >
> >Tx.
> >
> >J.
> >
> >On Sun, Jul 18, 2004 at 04:33:18PM -0400, Russ Budd wrote:
> >> After a month or two spent on other things, I've found time to revisit my
> >> attempt to establish L2TP connections from XP Pro to OpenSwan.
> >>
> >> It appears that packets from the gateway running OpenSwan to the XP host
> >> are not being routed through the tunnel. Host 228 is the XP box and 17 the
> >> OpenSwan gateway. If I read the tcpdump below correctly, they establish
> >> the tunnel and 228 sends an ESP packet which contains the L2TP request. 17
> >> responds in the clear from port 1024. The XP host eventually times out.
> >>
> >> I'm wondering if using port 1024 could be part of the problem since the
> >> Swan conf file specifies 1701 for both left and right port? Wouldn't that
> >> mean that only those ports are routed through the tunnel?
> >>
> >> I'd appreciate any thoughts on where I'm going wrong.
> >>
> >> Thanks in advance
> >> Russ
> >>
> >> Swan conf file:
> >>
> >> conn piran-mn
> >>     type=tunnel
> >>     left=204.27.178.17
> >>     leftnexthop=204.27.178.18
> >>     leftprotoport=17/1701
> >>     rightprotoport=17/1701
> >>     right=204.27.178.228
> >>     auth=esp
> >>     authby=secret
> >>     pfs=no
> >>     compress=no
> >>     auto=ignore
> >>
> >> tcpdump:
> >>
> >> 15:08:39.604895 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1 R ident: [|sa] (DF)
> >> 15:08:39.691004 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 1 I ident: [|ke]
> >> 15:08:39.936911 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1 R ident: [|sa] (DF)
> >> 15:08:40.175431 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1 R ident: [|ke] (DF)
> >> 15:08:40.206733 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 1 I ident[E]: [encrypted id]
> >> 15:08:40.332690 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 1 R ident[E]: [encrypted id] (DF)
> >> 15:08:40.340624 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
> >> 15:08:41.037460 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 2/others R oakley-quick[E]: [encrypted hash] (DF)
> >> 15:08:41.041029 Restricted228.isakmp > Restricted17.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
> >> 15:08:41.042126 Restricted228. > Restricted17.: ESP(spi=0x44998367,seq=0x1)
> >> 15:08:41.147157 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> >> 15:08:42.038569 Restricted228. > Restricted17.: ESP(spi=0x44998367,seq=0x2)
> >> 15:08:42.039824 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 ZLB (DF)
> >> 15:08:42.149538 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> >> 15:08:43.149553 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
> >>
> >> Pluto version:
> >> Linux FreeS/WAN 2.1.2 X.509-1.4.8 PLUTO_USES_KEYRR
> >>
> >> _________________________________________________________________
> >> Don't just search. Find. Check out the new MSN Search!
> >> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
> >--
> >--
> >
> >-> Jean-Francois Dive
> >--> [EMAIL PROTECTED]
> >
> >  I think that God in creating Man somewhat overestimated his ability.
> >  -- Oscar Wilde
>
> _________________________________________________________________
> Don't just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/

--
--

-> Jean-Francois Dive
--> [EMAIL PROTECTED]

  I think that God in creating Man somewhat overestimated his ability.
  -- Oscar Wilde
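
Added example, not part of the original thread: a small Python check that compares tcpdump text output against the leftprotoport/rightprotoport values from the conf quoted above and lists cleartext L2TP packets from the gateway whose UDP ports fall outside that selector. The function names are hypothetical, the four sample lines are taken from the capture in the thread, and it assumes tcpdump's service names map to l2tp=1701 and isakmp=500.

```python
import re

# Line shape used by the capture in the thread:
#   <time> <src-host>.<src-port> > <dst-host>.<dst-port>: <decoded payload>
LINE = re.compile(r"^(\S+) (\S+)\.(\w*) > (\S+)\.(\w*): (.*)$")
SERVICE_PORTS = {"l2tp": 1701, "isakmp": 500}  # assumed name-to-port mapping

def to_port(token):
    """Numeric port, known service name, or None (ESP lines carry no port)."""
    return int(token) if token.isdigit() else SERVICE_PORTS.get(token)

def parse_protoport(value):
    """'17/1701' -> (17, 1701), the proto/port form used in the conf."""
    proto, port = value.split("/")
    return int(proto), int(port)

def l2tp_outside_selector(lines, gateway, leftprotoport, rightprotoport):
    """Return (time, sport, dport) for cleartext L2TP packets sent by `gateway`
    whose UDP ports do not match the connection's protoport selector."""
    _, lport = parse_protoport(leftprotoport)   # protocol 17 (UDP) is implied
    _, rport = parse_protoport(rightprotoport)  # by tcpdump decoding it as l2tp
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        when, src, sport, _dst, dport, payload = m.groups()
        if src != gateway or not payload.startswith("l2tp:"):
            continue  # skip IKE, ESP and packets from the peer
        ports = (to_port(sport), to_port(dport))
        if ports != (lport, rport):
            findings.append((when, *ports))
    return findings

# Four lines taken from the tcpdump output quoted in the thread.
CAPTURE = """\
15:08:41.037460 Restricted17.isakmp > Restricted228.isakmp: isakmp: phase 2/others R oakley-quick[E]: [encrypted hash] (DF)
15:08:41.042126 Restricted228. > Restricted17.: ESP(spi=0x44998367,seq=0x1)
15:08:41.147157 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() |... (DF)
15:08:42.039824 Restricted17.1024 > Restricted228.l2tp: l2tp:[TLS](9/0)Ns=0,Nr=1 ZLB (DF)
""".splitlines()

if __name__ == "__main__":
    hits = l2tp_outside_selector(CAPTURE, "Restricted17", "17/1701", "17/1701")
    for when, sport, dport in hits:
        print(f"{when} cleartext L2TP {sport}->{dport}, selector expects 1701->1701")
```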
