Ubuntu
l2tp-ipsec-vpn package

Bug #933139
Comment #9

Comment 9 for bug 933139

Revision history for this message

bing (bing000) wrote on 2012-05-15:

Hello,

I just installed l2tp-ipsec-vpn 1.0.6-1, l2tp-ipsec-vpn-daemon 0.9.8-1, xl2tpd 1.3.1+dfsg-1, and ppp 2.4.5-5ubuntu1 and am unable to connect to my work L2TP/IPSec VPN.

Here are the logs from l2tp-ipsec-vpn, and they aren't too informative.

May 15 11:07:19.827 ipsec_setup: Stopping Openswan IPsec...
May 15 11:07:20.938 ipsec_setup: ERROR: Module xfrm4_mode_transport is in use
May 15 11:07:21.024 ipsec_setup: ERROR: Module esp4 is in use
May 15 11:07:21.221 Stopping xl2tpd: xl2tpd.
May 15 11:07:21.222 xl2tpd[2824]: death_handler: Fatal signal 15 received
May 15 11:07:21.223 pppd[2874]: Modem hangup
May 15 11:07:21.223 pppd[2874]: Connection terminated.
May 15 11:07:21.242 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-24-generic...
May 15 11:07:21.244 pppd[2874]: Exit.
May 15 11:07:21.445 ipsec__plutorun: Starting Pluto subsystem...
May 15 11:07:21.453 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
May 15 11:07:21.472 recvref[30]: Protocol not available
May 15 11:07:21.472 xl2tpd[3447]: This binary does not support kernel L2TP.
May 15 11:07:21.472 xl2tpd[3450]: xl2tpd version xl2tpd-1.3.1 started on biho-ThinkPad-W700 PID:3450
May 15 11:07:21.472 xl2tpd[3450]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 15 11:07:21.473 xl2tpd[3450]: Forked by Scott Balmos and David Stipp, (C) 2001
May 15 11:07:21.474 xl2tpd[3450]: Inherited by Jeff McAdams, (C) 2002
May 15 11:07:21.474 xl2tpd[3450]: Forked again by Xelerance (www.xelerance.com) (C) 2006
May 15 11:07:21.474 xl2tpd[3450]: Listening on IP address 0.0.0.0, port 1701
May 15 11:07:21.474 Starting xl2tpd: xl2tpd.
May 15 11:07:21.514 ipsec__plutorun: 002 added connection description "VPN"
May 15 11:07:21.561 104 "VPN" #1: STATE_MAIN_I1: initiate
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [RFC 3947] method set to=109
May 15 11:07:21.562 003 "VPN" #1: ignoring Vendor ID payload [Cisco IKE Fragmentation]
May 15 11:07:21.562 106 "VPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [Cisco-Unity]
May 15 11:07:21.563 003 "VPN" #1: received Vendor ID payload [XAUTH]
May 15 11:07:21.563 003 "VPN" #1: ignoring unknown Vendor ID payload [3a15d9c7957f87ca797bfda12a778ce3]
May 15 11:07:21.563 003 "VPN" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
May 15 11:07:21.563 003 "VPN" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
May 15 11:07:21.564 108 "VPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 15 11:07:21.564 003 "VPN" #1: received Vendor ID payload [Dead Peer Detection]
May 15 11:07:21.564 004 "VPN" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
May 15 11:07:21.564 117 "VPN" #2: STATE_QUICK_I1: initiate
May 15 11:07:21.565 003 "VPN" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
May 15 11:07:21.565 003 "VPN" #2: our client subnet returned doesn't match my proposal - us:10.xxx.xxx.xxx/32 vs them:xxx.xxx.xxx.xxx/32
May 15 11:07:21.565 003 "VPN" #2: Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]
May 15 11:07:21.565 003 "VPN" #2: our client peer returned port doesn't match my proposal - us:1701 vs them:0
May 15 11:07:21.566 003 "VPN" #2: Allowing bad L2TP/IPsec proposal (see bug #849) anyway
May 15 11:07:21.566 004 "VPN" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x39cc0ba5 <0x0d4c7c1e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May 15 11:07:21.568 xl2tpd[3450]: Connecting to host vpn.xxx.xxx, port 1701
May 15 11:07:22.571 xl2tpd[3450]: Connection established to xxx.xxx.xxx.xxx, 1701. Local: 19495, Remote: 64 (ref=0/0).
May 15 11:07:22.571 xl2tpd[3450]: Calling on tunnel 19495
May 15 11:07:22.572 xl2tpd[3450]: Call established with xxx.xxx.xxx.xxx, Local: 61127, Remote: 64, Serial: 1 (ref=0/0)
May 15 11:07:22.576 xl2tpd[3450]: start_pppd: I'm running:
May 15 11:07:22.577 xl2tpd[3450]: "/usr/sbin/pppd"
May 15 11:07:22.578 xl2tpd[3450]: "passive"
May 15 11:07:22.581 xl2tpd[3450]: "nodetach"
May 15 11:07:22.581 xl2tpd[3450]: ":"
May 15 11:07:22.581 xl2tpd[3450]: "file"
May 15 11:07:22.582 xl2tpd[3450]: "/etc/ppp/xxx.options.xl2tpd"
May 15 11:07:22.582 xl2tpd[3450]: "ipparam"
May 15 11:07:22.582 xl2tpd[3450]: "xxx.xxx.xxx.xxx"
May 15 11:07:22.582 xl2tpd[3450]: "/dev/pts/0"
May 15 11:07:22.583 pppd[3491]: Plugin passprompt.so loaded.
May 15 11:07:22.583 pppd[3491]: pppd 2.4.5 started by root, uid 0
May 15 11:07:22.583 pppd[3491]: Using interface ppp0
May 15 11:07:22.583 pppd[3491]: Connect: ppp0 <--> /dev/pts/0

Hello,

I just installed l2tp-ipsec-vpn 1.0.6-1, l2tp-ipsec-vpn-daemon 0.9.8-1, xl2tpd 1.3.1+dfsg-1, and ppp 2.4.5-5ubuntu1 and am unable to connect to my work L2TP/IPSec VPN.

Here are the logs from l2tp-ipsec-vpn, and they aren't too informative.

May 15 11:07:19.827 ipsec_setup: Stopping Openswan IPsec...
May 15 11:07:20.938 ipsec_setup: ERROR: Module xfrm4_mode_transport is in use
May 15 11:07:21.024 ipsec_setup: ERROR: Module esp4 is in use
May 15 11:07:21.221 Stopping xl2tpd: xl2tpd.
May 15 11:07:21.222 xl2tpd[2824]: death_handler: Fatal signal 15 received
May 15 11:07:21.223 pppd[2874]: Modem hangup
May 15 11:07:21.223 pppd[2874]: Connection terminated.
May 15 11:07:21.242 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-24-generic...
May 15 11:07:21.244 pppd[2874]: Exit.
May 15 11:07:21.445 ipsec__plutorun: Starting Pluto subsystem...
May 15 11:07:21.453 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
May 15 11:07:21.472 recvref[30]: Protocol not available
May 15 11:07:21.472 xl2tpd[3447]: This binary does not support kernel L2TP.
May 15 11:07:21.472 xl2tpd[3450]: xl2tpd version xl2tpd-1.3.1 started on biho-ThinkPad-W700 PID:3450
May 15 11:07:21.472 xl2tpd[3450]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
May 15 11:07:21.473 xl2tpd[3450]: Forked by Scott Balmos and David Stipp, (C) 2001
May 15 11:07:21.474 xl2tpd[3450]: Inherited by Jeff McAdams, (C) 2002
May 15 11:07:21.474 xl2tpd[3450]: Forked again by Xelerance (www.xelerance.com) (C) 2006
May 15 11:07:21.474 xl2tpd[3450]: Listening on IP address 0.0.0.0, port 1701
May 15 11:07:21.474 Starting xl2tpd: xl2tpd.
May 15 11:07:21.514 ipsec__plutorun: 002 added connection description "VPN"
May 15 11:07:21.561 104 "VPN" #1: STATE_MAIN_I1: initiate
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [RFC 3947] method set to=109 
May 15 11:07:21.562 003 "VPN" #1: ignoring Vendor ID payload [Cisco IKE Fragmentation]
May 15 11:07:21.562 106 "VPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 15 11:07:21.562 003 "VPN" #1: received Vendor ID payload [Cisco-Unity]
May 15 11:07:21.563 003 "VPN" #1: received Vendor ID payload [XAUTH]
May 15 11:07:21.563 003 "VPN" #1: ignoring unknown Vendor ID payload [3a15d9c7957f87ca797bfda12a778ce3]
May 15 11:07:21.563 003 "VPN" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
May 15 11:07:21.563 003 "VPN" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
May 15 11:07:21.564 108 "VPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 15 11:07:21.564 003 "VPN" #1: received Vendor ID payload [Dead Peer Detection]
May 15 11:07:21.564 004 "VPN" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
May 15 11:07:21.564 117 "VPN" #2: STATE_QUICK_I1: initiate
May 15 11:07:21.565 003 "VPN" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
May 15 11:07:21.565 003 "VPN" #2: our client subnet returned doesn't match my proposal - us:10.xxx.xxx.xxx/32 vs them:xxx.xxx.xxx.xxx/32
May 15 11:07:21.565 003 "VPN" #2: Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]
May 15 11:07:21.565 003 "VPN" #2: our client peer returned port doesn't match my proposal - us:1701 vs them:0
May 15 11:07:21.566 003 "VPN" #2: Allowing bad L2TP/IPsec proposal (see bug #849) anyway
May 15 11:07:21.566 004 "VPN" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x39cc0ba5 <0x0d4c7c1e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May 15 11:07:21.568 xl2tpd[3450]: Connecting to host vpn.xxx.xxx, port 1701
May 15 11:07:22.571 xl2tpd[3450]: Connection established to xxx.xxx.xxx.xxx, 1701.  Local: 19495, Remote: 64 (ref=0/0).
May 15 11:07:22.571 xl2tpd[3450]: Calling on tunnel 19495
May 15 11:07:22.572 xl2tpd[3450]: Call established with xxx.xxx.xxx.xxx, Local: 61127, Remote: 64, Serial: 1 (ref=0/0)
May 15 11:07:22.576 xl2tpd[3450]: start_pppd: I'm running: 
May 15 11:07:22.577 xl2tpd[3450]: "/usr/sbin/pppd" 
May 15 11:07:22.578 xl2tpd[3450]: "passive" 
May 15 11:07:22.581 xl2tpd[3450]: "nodetach" 
May 15 11:07:22.581 xl2tpd[3450]: ":" 
May 15 11:07:22.581 xl2tpd[3450]: "file" 
May 15 11:07:22.582 xl2tpd[3450]: "/etc/ppp/xxx.options.xl2tpd" 
May 15 11:07:22.582 xl2tpd[3450]: "ipparam" 
May 15 11:07:22.582 xl2tpd[3450]: "xxx.xxx.xxx.xxx" 
May 15 11:07:22.582 xl2tpd[3450]: "/dev/pts/0" 
May 15 11:07:22.583 pppd[3491]: Plugin passprompt.so loaded.
May 15 11:07:22.583 pppd[3491]: pppd 2.4.5 started by root, uid 0
May 15 11:07:22.583 pppd[3491]: Using interface ppp0
May 15 11:07:22.583 pppd[3491]: Connect: ppp0 <--> /dev/pts/0

Ubuntul2tp-ipsec-vpn package

Comment 9 for bug 933139

Ubuntu
l2tp-ipsec-vpn package