Hi again,

That's a pity... it worked for me. Give me a little time to try
something...

-Alex

On Tue, 23.03.2004 at 14:55, Toby Chamberlain wrote:
> Hi,
> 
> Thanks for the suggestion. I already log all denied packets in the log, but
> I took down the firewall for a minute or two (shh... don't tell the boss!)
> just in case, but unfortunately with no luck... the packets seem to be going
> in but not being picked up by l2tpd...
> 
> Thanks
> Toby
> 
> 
> > Hi !
> >
> > I had a similar error with l2tpd/ipsec ... I'd first suggest to drop all
> > Firewall-Rules to be sure that's not a traffic/rule-problem...
> >
> > In fact, this was the reason why my l2tpd didn't respond..
> >
> > -Alex
> >
> > On Tue, 23.03.2004 at 14:03, Toby Chamberlain wrote:
> > > Hi,
> > >
> > > I am trying to connect to a freeswan/l2tpd VPN from a windows machine behind
> > > a netgear WGT624 ADSL router and am getting a strange problem. The initial
> > > IPSEC negotiation works fine, I get an IPSEC SA Established message, but then
> > > nothing happens - l2tpd doesn't fire up. I've logged the traffic on ipsec0
> > > and we are getting incoming traffic from the public IP of the remote router
> > > to the public IP of the freeswan server on UDP ports 1701->1701, but no
> > > reply. Before putting in the router I connected to the same box over a
> > > Windows dial-up connection with no problems, so I am confident that l2tpd is
> > > running and the config is correct.... after putting in the router I had to
> > > add a rightsubnet=x.x.x.x/x in ipsec.conf to get the SA established, but
> > > that is the only change I've made.
> > >
> > > Here is the relevant section of ipsec.conf:
> > >
> > > conn Toby-Mitchell
> > >         pfs=no
> > >         left=%defaultroute
> > >         leftcert=vpn.server.pem
> > >         leftprotoport=17/0
> > >         right=%any
> > >         rightsubnet=192.168.0.3/32
> > >         rightprotoport=17/1701
> > >         auto=add
> > >
> > > .. and here is a section of the logs (all ipsec0 traffic is being logged -
> > > 1.2.3.4 is the external freeswan interface, 4.3.2.1 is the router's external
> > > interface - the delete SA at the end is me cancelling the connection):
> > >
> > > Mar 23 23:52:43 rtr1 pluto[4024]: packet from 4.3.2.1:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: responding to Main Mode from unknown peer 4.3.2.1
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: Peer ID is ID_DER_ASN1_DN: '<Certificate Details>'
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: crl update is overdue since Apr 10 01:51:17 UTC 2003
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[9] 4.3.2.1 #11: crl update is overdue since Apr 10 01:51:17 UTC 2003
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: deleting connection "Toby-Mitchell" instance with peer 4.3.2.1 {isakmp=#0/ipsec=#0}
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: sent MR3, ISAKMP SA established
> > > Mar 23 23:52:43 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #12: responding to Quick Mode
> > > Mar 23 23:52:43 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12316 PROTO=UDP SPT=1701 DPT=1701 LEN=106
> > > Mar 23 23:52:44 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #12: IPsec SA established {ESP=>0xf15e6bb4 <0xc539f998}
> > > Mar 23 23:52:44 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12317 PROTO=UDP SPT=1701 DPT=1701 LEN=106
> > > Mar 23 23:52:46 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12318 PROTO=UDP SPT=1701 DPT=1701 LEN=106
> > > Mar 23 23:52:50 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12337 PROTO=UDP SPT=1701 DPT=1701 LEN=106
> > > Mar 23 23:52:58 rtr1 kernel: IN=ipsec0 OUT= MAC=45:00:00:7e SRC=4.3.2.1 DST=1.2.3.4 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=12383 PROTO=UDP SPT=1701 DPT=1701 LEN=106
> > > Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: received Delete SA(0xf15e6bb4) payload: deleting IPSEC State #12
> > > Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1 #11: received Delete SA payload: deleting ISAKMP State #11
> > > Mar 23 23:53:02 rtr1 pluto[4024]: "Toby-Mitchell"[10] 4.3.2.1: deleting connection "Toby-Mitchell" instance with peer 4.3.2.1 {isakmp=#0/ipsec=#0}
> > >
> > >
> > >
> > > Does anyone have any ideas as to why the l2tp daemon might not be responding
> > > to the incoming connection?
> > >
> > > Thanks
> > > Toby
> >
> >
> >
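
Added example, not part of the original thread: a small Python script that reads netfilter LOG lines like those quoted above, groups inbound UDP/1701 packets on ipsec0 by peer, and reports whether any reply was logged and whether the arrival gaps keep growing. The sample lines are constructed (abridged from the thread's log, plus a made-up answered peer 203.0.113.7); the function name, the `year` parameter and the assumption that outbound ipsec0 traffic is logged too are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: abridged netfilter LOG lines modelled on the thread's log,
# plus a made-up peer (203.0.113.7) that does receive a reply.
SAMPLE_LOG = """\
Mar 23 23:52:43 rtr1 kernel: IN=ipsec0 OUT= SRC=4.3.2.1 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:52:44 rtr1 kernel: IN=ipsec0 OUT= SRC=4.3.2.1 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:52:46 rtr1 kernel: IN=ipsec0 OUT= SRC=4.3.2.1 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:52:50 rtr1 kernel: IN=ipsec0 OUT= SRC=4.3.2.1 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:52:58 rtr1 kernel: IN=ipsec0 OUT= SRC=4.3.2.1 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:53:10 rtr1 kernel: IN=ipsec0 OUT= SRC=203.0.113.7 DST=1.2.3.4 PROTO=UDP SPT=1701 DPT=1701
Mar 23 23:53:10 rtr1 kernel: IN= OUT=ipsec0 SRC=1.2.3.4 DST=203.0.113.7 PROTO=UDP SPT=1701 DPT=1701
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: IN=(?P<inif>\S*) OUT=(?P<outif>\S*) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=UDP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def l2tp_reply_report(log_text, tunnel_if="ipsec0", port=1701, year=2004):
    """Per peer: inbound packet count, arrival gaps (s), whether a reply was logged."""
    arrivals, answered = {}, set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # pluto lines and anything that is not a UDP LOG entry
        # syslog timestamps carry no year; the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["inif"] == tunnel_if and int(m["dpt"]) == port:
            arrivals.setdefault(m["src"], []).append(ts)
        elif m["outif"] == tunnel_if and int(m["spt"]) == port:
            answered.add(m["dst"])
    report = {}
    for peer, times in arrivals.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        # Strictly growing gaps suggest one message being retransmitted with back-off.
        backoff = len(gaps) >= 2 and all(b > a for a, b in zip(gaps, gaps[1:]))
        report[peer] = {"packets": len(times), "gaps": gaps,
                        "answered": peer in answered,
                        "unanswered_retransmits": backoff and peer not in answered}
    return report


if __name__ == "__main__":
    for peer, info in l2tp_reply_report(SAMPLE_LOG).items():
        print(peer, info)
```
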

