[Swan] xl2tpd does not respond

Paul Wouters paul at nohats.ca
Tue Feb 16 15:22:01 UTC 2016

On Mon, 15 Feb 2016, Bob Miller wrote:

> Tracing the problem down, I find that xl2tpd is not receiving anything.  The 
> ipsec gets all the way to the end with the SA established, but xl2tpd is a 
> lump on the log.  I run it in the foreground, it claims to be listening on 
> the correct internet connection and correct port, and ss -apnu shows the it 
> is listening as well.  I can use netcat to send a text file, and I can see 
> output, so I know he is listening...

I assume you fixed the listen address in xl2tpd.conf to the new IP?

Usually what you decribe means firewalling problem, or no proper ipsec
saref = no in xl2tpd.conf (leaving the option out which defaults to no
caused different behaviour in some versions, so best to always explicitely
set it to no)

> Of this whole situation, the only thing that is new to me is the multiple 
> internet connections on a single firewall, this can't cause the xl2tpd daemon 
> to go non-responsive, can it?  in particular I am wondering about an 
> additional routing table, but I think this could only affect outbound 
> traffic, and xl2tpd should at least acknowledge a connection is made to it. 
> Maybe this requires something to change in my ipsec.conf?

Check rp_filter settings? If on, it might be dropping packets for you.


More information about the Swan mailing list