Getting "Command 'service xl2tpd start' failed" on connect due to bad xl2tpd config wrt redials

Bug #1195514 reported by Justin Watt
This bug affects 2 people
Affects: L2TP over IPsec VPN Manager
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (not set)

Bug Description

I was getting the following error when trying to connect. Here's what I see in the log output:

Jun 27 16:33:16.033 ipsec_setup: Stopping Openswan IPsec...
Jun 27 16:33:17.602 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.8.0-25-generic...
Jun 27 16:33:17.866 ipsec__plutorun: Starting Pluto subsystem...
Jun 27 16:33:17.879 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun 27 16:33:17.888 xl2tpd[3117]: parse_config: line 25: rtimeout value must be at least 1
Jun 27 16:33:17.888 xl2tpd[3117]: init: Unable to load config file
Jun 27 16:33:17.889 [ERROR 1] Command 'service xl2tpd start' failed and exited with given error code
Jun 27 16:33:17.933 ipsec__plutorun: 002 added connection description "Sincerely"

I'm glad I took two seconds to read the log before reporting this, because I realized that something was possibly wrong with the xl2tpd config file. As it happens, I was following the instructions here for setting up l2tp-ipsec-vpn:

https://www.versavpn.com/ubuntu-linux-configuring-running-l2tp/

...and they recommended clicking the "Redial" checkbox under the L2TP tab, but said nothing about setting the Timeout and Attempts values. Unfortunately the default of 0 caused xl2tpd to fail. It'd be nice if checking that checkbox caused some more reasonable defaults to be used (I've seen 60 seconds and 3 retries on the Windows side), or if the user was simply prevented from entering a 0 there if Redial is checked. Gotta save the users from shooting themselves in the foot, ya know?

Thanks.
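
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of l2tp-ipsec-vpn: it scans xl2tpd.conf text for redial values below 1 and reports the line number the way the xl2tpd log does. The key names "redial timeout" and "max redials" are taken from xl2tpd.conf(5); applying the same minimum to "max redials" is an assumption, and the sample config and host name are constructed.

```python
import re

# Keys whose value must be >= 1. "redial timeout" is the one the log above
# rejects ("rtimeout value must be at least 1"); applying the same minimum
# to "max redials" is an assumption of this example.
MIN_ONE_KEYS = ("redial timeout", "max redials")

def lint_xl2tpd_conf(text):
    """Return (line_no, section, key, raw_value) for each value below 1."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                               # e.g. [global], [lac name]
            section = header.group(1).strip()
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())      # normalise inner whitespace
        if key in MIN_ONE_KEYS:
            try:
                ok = int(value) >= 1
            except ValueError:                   # non-numeric is also invalid
                ok = False
            if not ok:
                findings.append((line_no, section, key, value))
    return findings

# Constructed sample: what a profile with Redial checked and both fields left
# at 0 could look like. Host and connection name are placeholders.
SAMPLE_BAD = """\
[global]
access control = yes

[lac Sincerely]
lns = vpn.example.net
redial = yes
redial timeout = 0
max redials = 0
"""
# Same file with the values the reporter mentions (60 seconds, 3 retries).
SAMPLE_GOOD = (SAMPLE_BAD.replace("timeout = 0", "timeout = 60")
                         .replace("redials = 0", "redials = 3"))

if __name__ == "__main__":
    for line_no, section, key, value in lint_xl2tpd_conf(SAMPLE_BAD):
        print(f"line {line_no} [{section}]: {key} = {value!r} must be at least 1")
```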

ashish (jashishtech) wrote :

On Debian wheezy 3.2.0-4-amd64
xl2tpd-1.3.1, l2tp-ipsec-vpn 1.0.9
I am also in the same situation, which is turning out to be a big blocker.

It shows that error 410 occurred while trying to connect to the VPN.

Oct 17 23:39:48.537 ipsec_setup: Starting Openswan IPsec U2.6.37-g955aaafb-dirty/K3.2.0-4-amd64...
Oct 17 23:39:48.812 ipsec__plutorun: Starting Pluto subsystem...
Oct 17 23:39:48.817 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Oct 17 23:39:48.819 recvref[30]: Protocol not available
Oct 17 23:39:48.819 xl2tpd[5037]: This binary does not support kernel L2TP.
Oct 17 23:39:48.819 Starting xl2tpd: xl2tpd.
Oct 17 23:39:48.820 xl2tpd[5042]: xl2tpd version xl2tpd-1.3.1 started on ashish PID:5042
Oct 17 23:39:48.820 xl2tpd[5042]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 17 23:39:48.820 xl2tpd[5042]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 17 23:39:48.820 xl2tpd[5042]: Inherited by Jeff McAdams, (C) 2002
Oct 17 23:39:48.820 xl2tpd[5042]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 17 23:39:48.821 xl2tpd[5042]: Listening on IP address 0.0.0.0, port 1701
Oct 17 23:39:48.844 ipsec__plutorun: 002 added connection description "Vpn"
Oct 17 23:40:19.757 104 "Vpn" #1: STATE_MAIN_I1: initiate
Oct 17 23:40:19.758 010 "Vpn" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
Oct 17 23:40:19.758 010 "Vpn" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
Oct 17 23:40:19.758 003 "Vpn" #1: received Vendor ID payload [Dead Peer Detection]
Oct 17 23:40:19.759 003 "Vpn" #1: received Vendor ID payload [RFC 3947] method set to=109
Oct 17 23:40:19.759 003 "Vpn" #1: received Vendor ID payload [Cisco-Unity]
Oct 17 23:40:19.760 106 "Vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Oct 17 23:40:19.760 003 "Vpn" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Oct 17 23:40:19.760 108 "Vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Oct 17 23:40:19.761 004 "Vpn" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp2048}
Oct 17 23:40:19.761 117 "Vpn" #2: STATE_QUICK_I1: initiate
Oct 17 23:40:19.761 004 "Vpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x8af718c9 <0x64ddd774 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=none}
Oct 17 23:40:20.763 xl2tpd[5042]: Connecting to host xxx.xx.xx.xx, port 1701
Oct 17 23:40:25.769 xl2tpd[5042]: Maximum retries exceeded for tunnel 13617. Closing.
Oct 17 23:40:25.769 [ERROR 410] Connection attempt to 'Vpn' timed out
Oct 17 23:40:25.784 xl2tpd[5042]: Connection 0 closed to xxx.xx.xx.xx, port 1701 (Timeout)
Oct 17 23:40:25.802 Stopping xl2tpd: xl2tpd.
Oct 17 23:40:25.803 xl2tpd[5042]: death_handler: Fatal signal 15 received
Oct 17 23:40:25.821 ipsec_setup: Stopping Openswan IPsec...
Oct 17 23:40:27.261 ipsec_setup: Error: Module xfrm4_mode_transport is in use
Oct 17 23:40:27.527 ipsec_setup: Error: Module esp4 is in use

Can anyone help me out on this?
