[Swan] xl2tpd does not respond

Bob Miller bob at computerisms.ca
Wed Feb 17 06:35:27 UTC 2016

Hi Paul,

Thanks as always for your response, you must have an oil tanker's worth 
of karmic beer saved up...

>> well.  I can use netcat to send a text file, and I can see output, so
>> I know he is listening...
> I assume you fixed the listen address in xl2tpd.conf to the new IP?

Aye, but thanks for asking, wouldn't be the first time I made a rookie 
mistake like that...

> Usually what you describe means firewalling problem, or no proper ipsec
> saref = no in xl2tpd.conf (leaving the option out which defaults to no
> caused different behaviour in some versions, so best to always explicitly
> set it to no)

I tried the ipsec saref = no in my xl2tpd.conf, no change.  I also set up 
my iptables to log any udp packets dst 1701 on mangle prerouting and 
input, as well as nat/prerouting, and filter/input.  Using netkey, I 
figured if l2tp is being decrypted, it should show up somewhere on the 
path when it gets put back into iptables.  But I got no log entries.  I 
take this to mean that if it is being blocked, it is being blocked while 
still encrypted, but I can't really see how that could be possible...

> Check rp_filter settings? If on, it might be dropping packets for you.

All interfaces are set to 0.  Checked for some pesky martians, too, but 
found none...

I tried loading libreswan and xl2tpd on the 2nd internet connection, 
just to see what would happen, and discovered an oddness; it seems I 
cannot ping from the 2nd connection to IP addresses within my ISP's 
range.  I can ping the gateway and outside the service area.  It would seem 
something routing-wise is wobbling, might be the source of the problem...

> Paul
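Bob's iptables logging approach, as an added example that is not part of the thread: a hypothetical POSIX sh helper that prints the LOG rules for the four netfilter hooks he names and reads constructed kernel log lines back to find the first hook with no entry. It goes one step beyond the message by adding the `-m policy --dir in --pol ipsec` match, so only packets the NETKEY path has just decrypted are logged; the hook list, log prefixes and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical helpers to (1) emit the LOG
# rules for the four netfilter hooks Bob instrumented and (2) read kernel log
# lines back to see how far decrypted L2TP got. Interface and addresses below
# are constructed sample values.

# Hooks in traversal order for a packet delivered to the local xl2tpd socket.
HOOKS="mangle:PREROUTING nat:PREROUTING mangle:INPUT filter:INPUT"

# Print (do not run) one iptables LOG rule per hook. The policy match limits
# the rule to packets the kernel XFRM (NETKEY) path has just decrypted, so a
# plaintext UDP/1701 test with netcat will not produce matching entries.
l2tp_log_rules() {
  for h in $HOOKS; do
    table=${h%%:*}; chain=${h##*:}
    printf 'iptables -t %s -I %s -p udp --dport 1701 -m policy --dir in --pol ipsec -j LOG --log-prefix "l2tp-%s-%s: "\n' \
      "$table" "$chain" "$table" "$chain"
  done
}

# Print "<hook> seen" or "<hook> missing" for each hook, given kernel log text.
hooks_seen() {
  for h in $HOOKS; do
    table=${h%%:*}; chain=${h##*:}
    if printf '%s\n' "$1" | grep -q "l2tp-$table-$chain: .*DPT=1701"; then
      echo "$h seen"
    else
      echo "$h missing"
    fi
  done
}

# The first hook without an entry is where the decrypted packet stopped; if
# even mangle:PREROUTING is missing, nothing was decrypted at all, which points
# at the IPsec SA or the firewall in front of ESP/UDP 4500, not at xl2tpd.
first_missing_hook() {
  hooks_seen "$1" | awk '$2 == "missing" { print $1; exit }'
}

# Constructed sample: decrypted L2TP logged by both PREROUTING rules, then lost
# before INPUT (for instance dropped by the route lookup or rp_filter).
SAMPLE_LOG='kernel: l2tp-mangle-PREROUTING: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=UDP SPT=1701 DPT=1701
kernel: l2tp-nat-PREROUTING: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=UDP SPT=1701 DPT=1701'

l2tp_log_rules
first_missing_hook "$SAMPLE_LOG"
```

Run the printed rules as root, reproduce the connection attempt, then feed `dmesg` or the kernel log through `first_missing_hook` to locate the gap.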
