[Swan] xl2tpd and Microsoft, was Re: [libreswan/libreswan] Connection closed to remote ip (#306)

John Crisp jcrisp at safeandsoundit.co.uk
Fri Feb 7 16:17:00 UTC 2020

On Mon, 3 Feb 2020 08:57:46 +0100
Paul Wouters <paul at nohats.ca> wrote:

> This is an interesting and unexpected bit of information. I know in
> the past, xl2tpd mishandled the kernel case and forcing to userland
> resolved it. It’s odd to see the reverse now. Sending this message to
> the libreswan list for larger visibility. I will also update the FAQ
> with this.

That's odd.

Following my trials and tribulations I have Win7/10 boxes connecting to
libre 3.29 & xl2tpd 1.3.8 


What I have been banging my head against is my Android phone just
updated to Android 10 that cannot keep a connection beyond about 90
seconds with the dreaded:

"Maximum retries exceeded for tunnel xxx"


iPhone with iOS 13.3 seems to work OK, desktops, Macs etc, but my phone
has stopped.

I have tried multiple combinations & settings to no avail.

From the comment below I note that I haven't got l2tp_ppp loaded at any
time (as far as I can tell)

I have these modules....


But not loaded....

lsmod |grep pp
pppoe                  11270  0 
pppox                   2728  1 pppoe
ppp_deflate             4168  0 
ppp_async               7858  1 
crc_ccitt               1717  1 ppp_async
ppp_generic            25526  8 pppoe,pppox,ppp_deflate,ppp_async
slhc                    5837  1 ppp_generic
zlib_deflate           21661  2 ppp_deflate,deflate

Apart from the fact I seem to have crashed libre
(https://github.com/libreswan/libreswan/issues/309) has any one got any

I can post configs if required.

Pulling my hair out with this!! Just as I get Windows going Android
stops.... !!!!

B. Rgds

> > On Feb 3, 2020, at 05:40, Douglas Kosovic
> > <notifications at github.com> wrote:
> > 
> > Glad to hear you got it working.
> > 
> > Not sure why it broke. For Microsoft L2TP compatibility, I haven't
> > really looked into why xl2tpd works with the l2tp_ppp kernel
> > module, but not the userspace fallback alternative. I only found
> > out about the issue last week, reproduced the issue and worked out
> > that the l2tp_ppp kernel module wasn't getting loaded with Fedora
> > >= 31.
> > 
> > —
> > You are receiving this because you were mentioned.
> > Reply to this email directly, view it on GitHub, or unsubscribe.  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200207/7450c143/attachment.sig>

More information about the Swan mailing list