Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
OpenSwan/xl2tpd not working
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
lazloman
Guru
Guru


Joined: 27 Dec 2003
Posts: 343
Location: Skokie, Il. USA

PostPosted: Mon Sep 27, 2010 6:04 pm    Post subject: OpenSwan/xl2tpd not working Reply with quote

I'm trying to setup a VPN server using OpenSwan and xl2tpd. After getting everything configured and started, I tried to connect from a Mac client and got this error:
Code:

The L2TP-VPN server is not responding. Please check your settings"

Using TCPDump, I can see UDP traffic across port 500, but nothing across port 1701. Looking in the logs on the Mac, I see this pair of messages:

9/26/10 9:54:21 PM   racoon[27]   IKE Packet: transmit success. (Initiator, Main-Mode message 1).
9/26/10 9:45:26 PM   racoon[27]   IKE Packet: receive failed. (malformed or unexpected cookie).

The pair repeats 3 times, before failing


Nothing is logged anywhere in Linux whether it be syslog or in the log file used by xl2tpd. I can't access my linux box right now, so I'll post my config files later, but in the meantime, does anyone have an idea what might be wrong?
Thanks
_________________
Gentoo x86
2x Dell Optiplex GX200

"My Break-Dancing days are over, but there's always the Funky Chicken."
--The Full Monty
Back to top
View user's profile Send private message
lazloman
Guru
Guru


Joined: 27 Dec 2003
Posts: 343
Location: Skokie, Il. USA

PostPosted: Wed Sep 29, 2010 4:12 am    Post subject: Reply with quote

So, I think I was missing ipsec-tools, but when trying to install it, I get this error message:
Code:

 /usr/bin/install -c -m 644 racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/include/racoon'
/usr/bin/install: will not overwrite just-created `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/include/racoon/vmbuf.h' with `vmbuf.h'
libtool: install: /usr/bin/install -c plainrsa-gen /var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/sbin/plainrsa-gen
make[4]: *** [install-include_racoonHEADERS] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src'
make: *** [install-recursive] Error 1
 * ERROR: net-firewall/ipsec-tools-0.7.2 failed:
 *   (no error message)
 *
 * Call stack:
 *     ebuild.sh, line  54:  Called src_install
 *   environment, line 4149:  Called die
 * The specific snippet of code:
 *       emake DESTDIR="${D}" install || die;
 *
 * If you need support, post the output of 'emerge --info =net-firewall/ipsec-tools-0.7.2',
 * the complete build log and the output of 'emerge -pqv =net-firewall/ipsec-tools-0.7.2'.
 * The complete build log is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/environment'.
 * S: '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2'

>>> Failed to emerge net-firewall/ipsec-tools-0.7.2, Log file:

>>>  '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'

 * Messages for package net-firewall/ipsec-tools-0.7.2:

 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * [XFRM_USER] Transformation user configuration interface is NOT enabled.
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * ERROR: net-firewall/ipsec-tools-0.7.2 failed:
 *   (no error message)
 *
 * Call stack:
 *     ebuild.sh, line  54:  Called src_install
 *   environment, line 4149:  Called die
 * The specific snippet of code:
 *       emake DESTDIR="${D}" install || die;
 *
 * If you need support, post the output of 'emerge --info =net-firewall/ipsec-tools-0.7.2',
 * the complete build log and the output of 'emerge -pqv =net-firewall/ipsec-tools-0.7.2'.
 * The complete build log is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/environment'.
 * S: '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2'


Any and all ideas welcome.
_________________
Gentoo x86
2x Dell Optiplex GX200

"My Break-Dancing days are over, but there's always the Funky Chicken."
--The Full Monty
Back to top
View user's profile Send private message
salahx
Guru
Guru


Joined: 12 Mar 2005
Posts: 438

PostPosted: Wed Sep 29, 2010 4:59 am    Post subject: Reply with quote

You don't need ipsec-tools. Openswan has everything you need.

The Mac OS IPsec is very silent and very picky, especially with certificate-based authentication.
Back to top
View user's profile Send private message
lazloman
Guru
Guru


Joined: 27 Dec 2003
Posts: 343
Location: Skokie, Il. USA

PostPosted: Thu Sep 30, 2010 2:15 am    Post subject: Reply with quote

Thanks for the reply. I'll keep that in mind, but I can't even try to get a ipsec started, much less connect a Mac client.
_________________
Gentoo x86
2x Dell Optiplex GX200

"My Break-Dancing days are over, but there's always the Funky Chicken."
--The Full Monty
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum