Re: [Users] L2TP and Freeswan PPPD problems.

Ed Murray wrote:

> Apr 28 14:19:19 mail pppd[32297]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> <auth chap MD5> <magic 0xc6b02ff3> <pcomp> <accomp>]
> Apr 28 14:19:37 mail last message repeated 6 times

I have seen similar things on my old Mandrake 8.1 system. I think there is a version conflict on my system:

 ipsec_setup: Starting FreeS/WAN IPsec 1.98b...  ipsec_setup: Using
/lib/modules/2.4.18-8.2mdk/kernel/net/ipsec/ipsec.o.gz  kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 1.95

Mandrake's kernel is compiled with 1.95, while the usermode utilities are from 1.98b (I had to use these, because 1.95 does not support X.509 certificates nor the left/rightprotoport parameters which is required for L2TP over IPsec).

Perhaps there is a problem with your kernel too? I must admit though that I have not tried Debian with IPsec/L2TP. I don't know what versions of the kernel and FreeS/WAN are used in Woody.

Also, if you see the following error in /var/log/messages:

  ipsec_setup: WARNING: eth0 has route filtering turned on,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

               KLIPS may not work
  ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1',

               should be 0)

you should obviously do this:

# echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter

What puzzles me is that you write it works on the same subnet but not if you use different subnets. Could there be a routing problem? Try sniffing the subnets with tcpdump or something.

Jacco

-- 
Jacco de Leeuw                         mailto:jacco2@dds.nl
Zaandam, The Netherlands           
http://www.jacco2.dds.nl
               Coffee is not my cup of tea.
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users