[Swan] xl2tpd does not respond
Paul Wouters
paul at nohats.ca
Tue Feb 16 15:22:01 UTC 2016
On Mon, 15 Feb 2016, Bob Miller wrote:
> Tracing the problem down, I find that xl2tpd is not receiving anything. The
> ipsec gets all the way to the end with the SA established, but xl2tpd is a
> lump on the log. I run it in the foreground, it claims to be listening on
> the correct internet connection and correct port, and ss -apnu shows that it
> is listening as well. I can use netcat to send a text file, and I can see
> output, so I know he is listening...
I assume you fixed the listen address in xl2tpd.conf to the new IP?
Usually what you describe means a firewalling problem, or no proper ipsec
saref = no in xl2tpd.conf (leaving the option out, which defaults to no,
caused different behaviour in some versions, so best to always explicitly
set it to no)
> Of this whole situation, the only thing that is new to me is the multiple
> internet connections on a single firewall, this can't cause the xl2tpd daemon
> to go non-responsive, can it? In particular I am wondering about an
> additional routing table, but I think this could only affect outbound
> traffic, and xl2tpd should at least acknowledge a connection is made to it.
> Maybe this requires something to change in my ipsec.conf?
Check rp_filter settings? If on, it might be dropping packets for you.
Paul
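
The two checks suggested in the reply above (rp_filter and an explicit ipsec saref = no), as an added shell example that is not part of the original message. The function names are illustrative, and the default paths (the Linux sysctl tree and /etc/xl2tpd/xl2tpd.conf) are assumptions.

```shell
#!/bin/sh
# Added example: the rp_filter and "ipsec saref" checks from the reply above.
# Default paths are assumptions; override them through the environment.
CONF_ROOT=${CONF_ROOT:-/proc/sys/net/ipv4/conf}
XL2TPD_CONF=${XL2TPD_CONF:-/etc/xl2tpd/xl2tpd.conf}

# effective_rp_filter ROOT IFACE
# The kernel validates with max(conf/all/rp_filter, conf/IFACE/rp_filter).
effective_rp_filter() {
    root=$1; iface=$2
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# strict_ifaces ROOT: interfaces whose effective value is 1 (strict mode).
# Strict mode drops a packet unless it arrived on the interface that the
# routing table would use to reach its source, which matters with two uplinks.
strict_ifaces() {
    root=$1
    for d in "$root"/*/; do
        iface=$(basename "$d")
        case $iface in all|default|lo) continue ;; esac
        [ "$(effective_rp_filter "$root" "$iface")" = 1 ] && echo "$iface"
    done
    return 0
}

# saref_setting FILE: value of "ipsec saref" in [global], or "unset".
# Lines starting with ';' or '#' are treated as comments.
saref_setting() {
    awk '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/ { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && tolower($0) ~ /^[ \t]*ipsec[ \t]+saref[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t;#].*$/, "", v)
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

check_host() {
    echo "strict rp_filter on: $(strict_ifaces "$CONF_ROOT" | tr '\n' ' ')"
    echo "ipsec saref in [global]: $(saref_setting "$XL2TPD_CONF")"
}
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with --check on the gateway; an interface listed as strict on a multi-uplink box, or a saref value of "unset", points at the two causes named in the reply.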