On Mon, 15 Feb 2016, Bob Miller wrote:
Tracing the problem down, I find that xl2tpd is not receiving anything. The ipsec gets all the way to the end with the SA established, but xl2tpd is a lump on the log. I run it in the foreground, it claims to be listening on the correct internet connection and correct port, and ss -apnu shows that it is listening as well. I can use netcat to send a text file, and I can see output, so I know it is listening...
I assume you fixed the listen address in xl2tpd.conf to the new IP? Usually what you describe means a firewalling problem, or no proper "ipsec saref = no" in xl2tpd.conf (leaving the option out, which defaults to no, caused different behaviour in some versions, so it is best to always explicitly set it to no).
Of this whole situation, the only thing that is new to me is the multiple internet connections on a single firewall; this can't cause the xl2tpd daemon to go non-responsive, can it? In particular I am wondering about an additional routing table, but I think this could only affect outbound traffic, and xl2tpd should at least acknowledge a connection is made to it. Maybe this requires something to change in my ipsec.conf?
Check rp_filter settings? If on, it might be dropping packets for you.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
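The three checks the thread suggests (listen address and "ipsec saref" in xl2tpd.conf, per-interface rp_filter, and what is actually bound to UDP 1701) collected into one small diagnostic. This is an added example, not code from the list or from the xl2tpd or libreswan projects; the config path, the ss column layout and the sample values are assumptions.

```shell
#!/bin/sh
# Added diagnostic for the checks suggested in the thread. Not part of the
# original mail; the paths and sample values are assumptions.

# Print the name of every interface whose rp_filter is 1 (strict). In strict
# mode the kernel drops a packet when the best route back to its source address
# does not leave via the interface it arrived on, which is easy to hit with
# several uplinks and an extra routing table. The directory argument lets the
# check run against a copy of /proc/sys for testing.
rp_filter_strict() {
    dir="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$dir"/*/rp_filter; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Report how xl2tpd.conf sets "ipsec saref" ("unset" when the line is missing,
# which the thread says behaves differently across versions) and listen-addr
# ("any" when no explicit address is configured).
xl2tpd_conf_check() {
    saref=$(sed -n 's/^[[:space:]]*ipsec saref[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1)
    listen=$(sed -n 's/^[[:space:]]*listen-addr[[:space:]]*=[[:space:]]*\([0-9.]*\).*/\1/p' "$1" | tail -n 1)
    printf 'saref=%s listen=%s\n' "${saref:-unset}" "${listen:-any}"
}

# Given "ss -lnu" output on stdin, print the local address of each UDP 1701
# socket (column 4 is "Local Address:Port"). An address that is not the new
# uplink IP means the listen address was never updated.
l2tp_listeners() {
    awk '$4 ~ /:1701$/ { sub(/:1701$/, "", $4); print $4 }'
}

# Live run against the host when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    echo "strict rp_filter on: $(rp_filter_strict | tr '\n' ' ')"
    xl2tpd_conf_check /etc/xl2tpd/xl2tpd.conf
    echo "UDP 1701 bound to: $(ss -lnu | l2tp_listeners | tr '\n' ' ')"
fi
```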
