[Swan] localhost xl2tpd: xl2tpd[PID]:Maximum retries exceeded for tunnel NNNN

Paul Wouters paul at nohats.ca
Thu Nov 19 03:47:52 UTC 2015


On Wed, 18 Nov 2015, jvpn at use.startmail.com wrote:

> Connected from an iPhone, started telephony (SIP) application, call in progress, packets flowing.
> After about 8 minutes call dropped, found the message with subject in log file.
> It was followed by "pppd terminating on signal 15" etc.
>
> Does anyone have any idea what it means?

Check why the IPsec SA got terminated in the libreswan logs?

My guess would be that one of the peers might do DPD checks and some of
these got dropped because of congestion. Libreswan in its later versions
does take into account that active SAs don't need DPD probes though, so
this would either be an iPhone issue or an old libreswan if this is the
cause.

> Any firewall rules prevent tunnel from keeping itself alive?

No.

Also, if you are not supporting win95/winxp clients, you should replace
the l2tp/ipsec with XAUTH/Cisco mode IPsec. See:

https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH

Paul

