ipsec auto --up is occasionally started too early

Bug #781498 reported by Werner Jaeger
This bug affects 2 people
Affects: L2TP over IPsec VPN Manager
Status: Fix Released
Importance: Medium
Assigned to: Werner Jaeger

Bug Description

When connecting, ipsec auto --up is occasionally started before pluto is running or has added the connection. You then get an error 300, and in the connection information log you see something like this:

003 NAT-Traversal: Trying new style NAT-T
003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
003 NAT-Traversal: Trying old style NAT-T
000 initiating all conns with alias='freeusvpn'
021 no connection named "XXXXXX"
[ERROR 300] 'IPsec' failed to negotiate or establish security associations

Changed in l2tp-ipsec-vpn:
importance: Undecided → Medium
assignee: nobody → Werner Jaeger (werner-jaeger)
status: New → In Progress
Changed in l2tp-ipsec-vpn:
milestone: none → 1.0.0
Changed in l2tp-ipsec-vpn:
status: In Progress → Fix Committed
Changed in l2tp-ipsec-vpn:
status: Fix Committed → Fix Released
Julian Alarcon (julian-alarcon) wrote :

I think that there is a regression on this bug using the last version 1.0.6

Werner Jaeger (werner-jaeger) wrote :

Julian, could you please be a bit more specific, e.g. provide log entries from the connection information dialog?

José (jozdr) wrote :

Hi... I have the same problem as Julian... here is my log...

P.S.: everything was working until version 1.0.4... then since 1.0.5 no more connections established!!!

apr 11 14:10:10.298 Stopping xl2tpd: xl2tpd.
apr 11 14:10:10.298 xl2tpd[1662]: death_handler: Fatal signal 15 received
apr 11 14:10:10.350 ipsec_setup: Openswan IPsec apparently already active, start aborted
apr 11 14:10:10.386 recvref[22]: Protocol not available
apr 11 14:10:10.387 Starting xl2tpd: xl2tpd.
apr 11 14:10:10.387 xl2tpd[2520]: This binary does not support kernel L2TP.
apr 11 14:10:10.388 xl2tpd[2521]: xl2tpd version xl2tpd-1.2.5 started on Mountaineer PID:2521
apr 11 14:10:10.390 xl2tpd[2521]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
apr 11 14:10:10.390 xl2tpd[2521]: Forked by Scott Balmos and David Stipp, (C) 2001
apr 11 14:10:10.390 xl2tpd[2521]: Inherited by Jeff McAdams, (C) 2002
apr 11 14:10:10.390 xl2tpd[2521]: Forked again by Xelerance (www.xelerance.com) (C) 2006
apr 11 14:10:10.391 xl2tpd[2521]: Listening on IP address 0.0.0.0, port 1701
apr 11 14:11:30.205 Last command timed out
apr 11 14:11:31.245 whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
apr 11 14:11:31.281 whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
apr 11 14:11:31.283 [ERROR 300] 'IPsec' failed to negotiate or establish security associations

jc (jcarmona-x) wrote :

I was also getting the messages:
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
as José did.

In terminal I do
sudo ipsec pluto
Thereafter those messages disappear. But when attempting to connect, other messages crop up in Connection Information, e.g.
Jun 22 15:01:11.399 xl2tpd[6648]: Listening on IP address 0.0.0.0, port 1701
Jun 22 15:02:30.870 Last command timed out
Jun 22 15:02:31.945 000 initiating all conns with alias='L2TP_IPSec'
Jun 22 15:02:31.945 021 no connection named "L2TP_IPSec"
Jun 22 15:02:31.946 [ERROR 300] 'IPsec' failed to negotiate or establish security associations.

Output of ipsec verify:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.23/K2.6.35.10-1-jolicloud (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [FAILED]
Pluto listening for NAT-T on udp 4500 [FAILED]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
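
A readiness gate for the race reported in this bug, as an added example that is not part of the thread or the l2tp-ipsec-vpn code: it waits for pluto's control socket and for the named connection to be loaded before calling `ipsec auto --up`, and distinguishes the two failures seen in the logs above. The function names, the `STATUS_CMD` override and the `000 "name":` status-line pattern are assumptions.

```shell
#!/bin/sh
# Added example: gate `ipsec auto --up` on pluto being ready.
# PLUTO_CTL is the control socket path from the log lines in this thread.
# STATUS_CMD is a hypothetical override so the check can be tested offline.
PLUTO_CTL="${PLUTO_CTL:-/var/run/pluto/pluto.ctl}"
STATUS_CMD="${STATUS_CMD:-ipsec auto --status}"

# True once the control socket exists, i.e. whack can talk to pluto.
pluto_running() {
    [ -e "$PLUTO_CTL" ]
}

# True if pluto lists a loaded connection with exactly this name.
# Assumption: status lines look like  000 "name": ...
conn_loaded() {
    $STATUS_CMD 2>/dev/null | grep -F -q "\"$1\":"
}

# Poll until both hold. Returns 0 ready, 1 pluto never came up,
# 2 pluto is up but the connection was never added.
wait_for_conn() {
    conn="$1"; tries="${2:-20}"; delay="${3:-1}"
    i=0
    while [ "$i" -lt "$tries" ]; do
        if pluto_running && conn_loaded "$conn"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    if pluto_running; then return 2; fi
    return 1
}

# Initiate the connection only after the gate passes.
up_when_ready() {
    rc=0
    wait_for_conn "$1" "${2:-20}" "${3:-1}" || rc=$?
    case "$rc" in
        0) ipsec auto --up "$1" ;;
        1) echo "pluto not running (no $PLUTO_CTL)" >&2; return 1 ;;
        2) echo "no connection named \"$1\" loaded yet" >&2; return 2 ;;
    esac
}
```

Calling `up_when_ready L2TP_IPSec` as root replaces a bare `ipsec auto --up L2TP_IPSec`; the second and third arguments set the retry count and the delay in seconds.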
