[Swan] xl2tpd does not respond
bob at computerisms.ca
Wed Feb 17 06:35:27 UTC 2016
Thanks as always for your response, you must have an oil tanker's worth
of karmic beer saved up...
>> well. I can use netcat to send a text file, and I can see output, so
>> I know he is listening...
> I assume you fixed the listen address in xl2tpd.conf to the new IP?
Aye, but thanks for asking, wouldn't be the first time I did a rookie
mistake like that...
> Usually what you describe means firewalling problem, or no proper ipsec
> saref = no in xl2tpd.conf (leaving the option out which defaults to no
> caused different behaviour in some versions, so best to always explicitly
> set it to no)
I tried the ipsec saref = no in my xl2tpd.conf, no change. I also set up
my iptables to log any udp packets dst 1701 on mangle prerouting and
input, as well as nat/prerouting, and filter/input. Using netkey, I
figured if l2tp is being decrypted, it should show up somewhere on the
path when it gets put back into iptables. But I got no log entries. I
take this to mean that if it is being blocked, it is being blocked while
still encrypted, but I can't really see how that could be possible...
> Check rp_filter settings? If on, it might be dropping packets for you.
All interfaces are set to 0. Checked for some pesky martians, too, but
I tried loading libreswan and xl2tpd on the 2nd internet connection,
just to see what would happen, and discovered an oddness; it seems I
cannot ping from the 2nd connection to IP addresses within my ISP's
range. Can ping the gateway and outside the service area. Would seem
something routing-wise is wobbling, might be the source of the problem...
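The two checks discussed in this message (LOG rules for UDP 1701 at each hook, and the rp_filter setting), written out as an added example that is not part of the original post. The function names and log prefixes are hypothetical. The kernel applies the higher of `conf/all/rp_filter` and the per-interface value, so the script reports that effective value rather than the raw per-interface one.

```shell
#!/bin/sh
# Added example, not from the original message. Dry run: it only prints.

# The four table:chain pairs named in the post.
L2TP_HOOKS="mangle:PREROUTING mangle:INPUT nat:PREROUTING filter:INPUT"

# Print one iptables LOG rule per hook for UDP destination port 1701.
# -I inserts at the top so an earlier DROP in the chain cannot hide the packet.
l2tp_log_rules() {
    for hook in $L2TP_HOOKS; do
        table=${hook%%:*}
        chain=${hook#*:}
        # The prefix is a constructed label for finding the hook in syslog.
        echo "iptables -t $table -I $chain -p udp --dport 1701 -j LOG --log-prefix \"l2tp-$table-$chain: \""
    done
}

# Print "<iface> <effective rp_filter>" for each interface.
# An interface set to 0 is still filtered when "all" is 1 or 2.
# $1: conf directory (defaults to the live /proc tree).
rp_filter_effective() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    all=$(cat "$conf/all/rp_filter")
    for f in "$conf"/*/rp_filter; do
        iface=$(basename "$(dirname "$f")")
        case $iface in
            all|default) continue ;;   # not real interfaces
        esac
        val=$(cat "$f")
        if [ "$all" -gt "$val" ]; then
            val=$all
        fi
        echo "$iface $val"
    done
}

# Query the live system only when asked: sh check.sh show
if [ "${1:-}" = "show" ]; then
    l2tp_log_rules
    rp_filter_effective
fi
```

Pipe the output of `l2tp_log_rules` to `sh` as root to install the rules. A decrypted L2TP packet that never matches any of them was dropped before reaching these hooks.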