We are using NetworkManager-l2tp/strongSwan/xl2tpd on our Linux client.
Versions
nm-l2tp-service: 1.2.18
xl2tpd version: 1.3.9
strongSwan 5.5.3
pppd 2.4.7
We are building our Linux client using Yocto, and an old kernel, 3.1.10-2.8.7+g5e3cb65.
The server we are trying to connect to is an old Windows 2008 server, but it has no problem serving clients on iOS, WinCE, Android... The server traces show that a header has an incorrect size, but we currently don't have more info from the server side.
Below is the output from nm-l2tp-service --debug:
nm-l2tp[749] nm-l2tp-service (version 1.2.18) starting...
nm-l2tp[749] uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[749] ipsec enable flag: yes
** Message: Check port 1701
connection
id : "vpn2" (s)
uuid : "5c912719-67d6-4bdb-b5eb-d5f3db641814" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : [] (s)
autoconnect : TRUE (sd)
autoconnect-priority : 0 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : [] (s)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)
ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x3a008) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x42109c08) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)
token : NULL (sd)
ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x421098a8) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x52548) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)
vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x4dac0) (s)
secrets : ((GHashTable*) 0x4da50) (s)
timeout : 0 (sd)
nm-l2tp[749] starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan ..3 IPsec [starter]...
Loading config setup
Loading conn '5c912719-67d6-4bdb-b5eb-d5f3db641814'
found netkey IPsec stack
nm-l2tp[749] Spawned ipsec up script with PID 817.
initiating Main Mode IKE_SA 5c912719-67d6-4bdb-b5eb-d5f3db641814[1] to redacted
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from [500] to (532 bytes)
received packet: from to [500] (212 bytes)
parsed ID_PROT response 0 [ SA V V V V V V ]
received MS NT5 ISAKMPOAKLEY vendor ID
received NAT-T (RFC 3947) vendor ID
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce::52
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from [500] to (212 bytes)
received packet: from to [500] (228 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 10.42.78.122[4500] to redacted[4500] (76 bytes)
received packet: from redacted[4500] to 10.42.78.122[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA 5c912719-67d6-4bdb-b5eb-d5f3db641814[1] established between 10.42.78.122[10.42.78.122]...redacted[192.168.90.90]
scheduling reauthentication in 10221s
maximum IKE_SA lifetime 10761s
generating QUICK_MODE request 1672764256 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 10.42.78.122[4500] to redacted[4500] (252 bytes)
received packet: from redacted[4500] to 10.42.78.122[4500] (220 bytes)
parsed QUICK_MODE response 1672764256 [ HASH SA No ID ID NAT-OA NAT-OA ]
connection '5c912719-67d6-4bdb-b5eb-d5f3db641814' established successfully
nm-l2tp[749] strongSwan IPsec tunnel is up.
** Message: xl2tpd started with pid 844
xl2tpd[844]: setsockopt recvref[30]: Protocol not available
xl2tpd[844]: This binary does not support kernel L2TP.
xl2tpd[844]: xl2tpd version xl2tpd-1.3.9 started on colibri-t30 PID:844
xl2tpd[844]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[844]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[844]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[844]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[844]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[844]: get_call: allocating new tunnel for host redacted, port 1701.
xl2tpd[844]: Connecting to host redacted, port 1701
xl2tpd[844]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
xl2tpd[844]: control_finish: sending SCCRQ
xl2tpd[844]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[844]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[844]: framing_caps_avp: supported peer frames: sync
xl2tpd[844]: bearer_caps_avp: supported peer bearers:
xl2tpd[844]: firmware_rev_avp: peer reports firmware version 1537 (0x0601)
xl2tpd[844]: hostname_avp: peer reports hostname 'WS2008R2-WH1'
xl2tpd[844]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[844]: assigned_tunnel_avp: using peer's tunnel 298
xl2tpd[844]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
xl2tpd[844]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending SCCCN
xl2tpd[844]: Connection established to redacted, 1701. Local: 29027, Remote: 298 (ref=0/0).
xl2tpd[844]: Calling on tunnel 29027
xl2tpd[844]: control_finish: message type is (null)(0). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending ICRQ
xl2tpd[844]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[844]: assigned_call_avp: using peer's call 2
xl2tpd[844]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 298, call is 2.
xl2tpd[844]: control_finish: Sending ICCN
xl2tpd[844]: Call established with redacted, Local: 21420, Remote: 2, Serial: 1 (ref=0/0)
** Message: nm-l2tp-ppp-plugin: (plugin_init): initializing
** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status / phase 'establish'
xl2tpd[844]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[844]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[844]: framing_caps_avp: supported peer frames: sync
xl2tpd[844]: bearer_caps_avp: supported peer bearers:
xl2tpd[844]: firmware_rev_avp: peer reports firmware version 1537 (0x0601)
xl2tpd[844]: hostname_avp: peer reports hostname 'WS2008R2-WH1'
xl2tpd[844]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[844]: assigned_tunnel_avp: using peer's tunnel 298
xl2tpd[844]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
xl2tpd[844]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending SCCCN
xl2tpd[844]: Connection established to redacted, 1701. Local: 29027, Remote: 298 (ref=0/0).
xl2tpd[844]: Calling on tunnel 29027
xl2tpd[844]: control_finish: message type is (null)(0). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending ICRQ
xl2tpd[844]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[844]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[844]: framing_caps_avp: supported peer frames: sync
xl2tpd[844]: bearer_caps_avp: supported peer bearers:
xl2tpd[844]: firmware_rev_avp: peer reports firmware version 1537 (0x0601)
xl2tpd[844]: hostname_avp: peer reports hostname 'WS2008R2-WH1'
xl2tpd[844]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[844]: assigned_tunnel_avp: using peer's tunnel 298
xl2tpd[844]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
xl2tpd[844]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending SCCCN
xl2tpd[844]: Connection established to redacted, 1701. Local: 29027, Remote: 298 (ref=0/0).
xl2tpd[844]: Calling on tunnel 29027
xl2tpd[844]: control_finish: message type is (null)(0). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending ICRQ
xl2tpd[844]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[844]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[844]: framing_caps_avp: supported peer frames: sync
xl2tpd[844]: bearer_caps_avp: supported peer bearers:
xl2tpd[844]: firmware_rev_avp: peer reports firmware version 1537 (0x0601)
xl2tpd[844]: hostname_avp: peer reports hostname 'WS2008R2-WH1'
xl2tpd[844]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[844]: assigned_tunnel_avp: using peer's tunnel 298
xl2tpd[844]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
xl2tpd[844]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending SCCCN
xl2tpd[844]: Connection established to redacted5..210, 1701. Local: 29027, Remote: 298 (ref=0/0).
xl2tpd[844]: Calling on tunnel 29027
xl2tpd[844]: control_finish: message type is (null)(0). Tunnel is 298, call is 0.
xl2tpd[844]: control_finish: sending ICRQ
nm-l2tp[749] Looks like pppd didn't initialize our dbus module
xl2tpd[844]: death_handler: Fatal signal 15 received
** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
nm-l2tp[749] Terminated xl2tpd daemon with PID 844.
** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
** Message: nm-l2tp-ppp-plugin: (nm_exit_notify): cleaning up
Stopping strongSwan IPsec...
** Message: ipsec shut down
nm-l2tp[749] xl2tpd exited with error code 1
Stopping strongSwan IPsec failed: starter is not running
** Message: ipsec shut down
Thanks for your help