Getting "Command 'service xl2tpd start' failed" on connect due to bad xl2tpd config wrt redials

Bug #1195514 reported by Justin Watt on 2013-06-28
This bug affects 2 people
Affects: L2TP over IPsec VPN Manager
Importance: Undecided
Assigned to: Unassigned

Bug Description

I was getting the following error when trying to connect. Here's what I see in the log output:

Jun 27 16:33:16.033 ipsec_setup: Stopping Openswan IPsec...
Jun 27 16:33:17.602 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.8.0-25-generic...
Jun 27 16:33:17.866 ipsec__plutorun: Starting Pluto subsystem...
Jun 27 16:33:17.879 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jun 27 16:33:17.888 xl2tpd[3117]: parse_config: line 25: rtimeout value must be at least 1
Jun 27 16:33:17.888 xl2tpd[3117]: init: Unable to load config file
Jun 27 16:33:17.889 [ERROR 1] Command 'service xl2tpd start' failed and exited with given error code
Jun 27 16:33:17.933 ipsec__plutorun: 002 added connection description "Sincerely"

I'm glad I took two seconds to read the log before reporting this, because I realized that something was possibly wrong with the xl2tpd config file. As it happens, I was following the instructions here for setting up l2tp-ipsec-vpn:

https://www.versavpn.com/ubuntu-linux-configuring-running-l2tp/

...and they recommended clicking the "Redial" checkbox under the L2TP tab, but said nothing about setting the Timeout and Attempts values. Unfortunately the default of 0 caused xl2tpd to fail. It'd be nice if checking that checkbox caused some more reasonable defaults to be used (I've seen 60 seconds and 3 retries on the Windows side), or if the user was simply prevented from entering a 0 there if Redial is checked. Gotta save the users from shooting themselves in the foot, ya know?

Thanks.

ashish (jashishtech) wrote:

On Debian wheezy 3.2.0-4-amd64
xl2tpd-1.3.1, l2tp-ipsec-vpn 1.0.9
I am also in the same situation, which is turning out to be a big blocker.

It shows that error 410 occurs while trying to connect to the VPN.

Oct 17 23:39:48.537 ipsec_setup: Starting Openswan IPsec U2.6.37-g955aaafb-dirty/K3.2.0-4-amd64...
Oct 17 23:39:48.812 ipsec__plutorun: Starting Pluto subsystem...
Oct 17 23:39:48.817 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Oct 17 23:39:48.819 recvref[30]: Protocol not available
Oct 17 23:39:48.819 xl2tpd[5037]: This binary does not support kernel L2TP.
Oct 17 23:39:48.819 Starting xl2tpd: xl2tpd.
Oct 17 23:39:48.820 xl2tpd[5042]: xl2tpd version xl2tpd-1.3.1 started on ashish PID:5042
Oct 17 23:39:48.820 xl2tpd[5042]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 17 23:39:48.820 xl2tpd[5042]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 17 23:39:48.820 xl2tpd[5042]: Inherited by Jeff McAdams, (C) 2002
Oct 17 23:39:48.820 xl2tpd[5042]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 17 23:39:48.821 xl2tpd[5042]: Listening on IP address 0.0.0.0, port 1701
Oct 17 23:39:48.844 ipsec__plutorun: 002 added connection description "Vpn"
Oct 17 23:40:19.757 104 "Vpn" #1: STATE_MAIN_I1: initiate
Oct 17 23:40:19.758 010 "Vpn" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
Oct 17 23:40:19.758 010 "Vpn" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
Oct 17 23:40:19.758 003 "Vpn" #1: received Vendor ID payload [Dead Peer Detection]
Oct 17 23:40:19.759 003 "Vpn" #1: received Vendor ID payload [RFC 3947] method set to=109
Oct 17 23:40:19.759 003 "Vpn" #1: received Vendor ID payload [Cisco-Unity]
Oct 17 23:40:19.760 106 "Vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Oct 17 23:40:19.760 003 "Vpn" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Oct 17 23:40:19.760 108 "Vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Oct 17 23:40:19.761 004 "Vpn" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp2048}
Oct 17 23:40:19.761 117 "Vpn" #2: STATE_QUICK_I1: initiate
Oct 17 23:40:19.761 004 "Vpn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x8af718c9 <0x64ddd774 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=none}
Oct 17 23:40:20.763 xl2tpd[5042]: Connecting to host xxx.xx.xx.xx, port 1701
Oct 17 23:40:25.769 xl2tpd[5042]: Maximum retries exceeded for tunnel 13617. Closing.
Oct 17 23:40:25.769 [ERROR 410] Connection attempt to 'Vpn' timed out
Oct 17 23:40:25.784 xl2tpd[5042]: Connection 0 closed to xxx.xx.xx.xx, port 1701 (Timeout)
Oct 17 23:40:25.802 Stopping xl2tpd: xl2tpd.
Oct 17 23:40:25.803 xl2tpd[5042]: death_handler: Fatal signal 15 received
Oct 17 23:40:25.821 ipsec_setup: Stopping Openswan IPsec...
Oct 17 23:40:27.261 ipsec_setup: Error: Module xfrm4_mode_transport is in use
Oct 17 23:40:27.527 ipsec_setup: Error: Module esp4 is in use

Can anyone help me out on this?
