From: Ken Green <Ken.G<reen@kg...> - 2006-01-13 15:59:15
Like Malte Starostik I'm running a combination of ipsec-tools, l2tpd and
ppp to handle L2TP IPSec VPN connections from Windows clients.
I'm not sure whether this is an ipsec-tools problem or an l2tpd problem;
I suspect the latter, so if this is not the place to ask questions please
let me know if there is somewhere more appropriate.
I'm running Red Hat Fedora Core 4.
When the PC clients have real network connections all this works fine,
but when they are behind NAT systems life's not so good.
The version of ipsec-tools shipped with FC4 doesn't work with NAT
because it doesn't support NATT with transport mode. So I've downloaded
and compiled 0.6.4 and now I can get a connection OK.
The problem comes when the NAT'ed PC disconnects; I get an l2tpd error like:

    l2tpd: control_finish: Peer tried to disconnect with invalid TID (6 != 64199)

but the connection seems to shut down OK.
If I then try and reconnect quickly the new connection fails.

    Jan 13 12:19:46 hphighfield l2tpd: control_finish: Peer requested tunnel 7 twice, ignoring second one.
    Jan 13 12:19:47 hphighfield l2tpd: Maximum retries exceeded for tunnel 4587. Closing.
    Jan 13 12:19:47 hphighfield l2tpd: Connection 7 closed to 220.127.116.11, port 1701 (Timeout)
    Jan 13 12:19:52 hphighfield l2tpd: Unable to deliver closing message for tunnel 4587. Destroying anyway.

If rather than trying to reconnect immediately I wait about 5 minutes,
new connections work OK. There is no entry in the logs to indicate that
a timeout has occurred.
Any ideas anyone?
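An added example, not part of Ken's post and not l2tpd code: a small log-monitoring script that picks the messages quoted above out of syslog and flags the stale-tunnel pattern (a peer tunnel ID requested twice, then closed on timeout), so an operator can see from the logs when a reconnect hit the window the post describes. The sample lines are constructed from the messages in the post; the timestamp on the first line is assumed.

```python
import re

# Message patterns for the l2tpd lines quoted in the post.
PATTERNS = {
    "invalid_tid": re.compile(r"Peer tried to disconnect with invalid TID \((\d+) != (\d+)\)"),
    "dup_request": re.compile(r"Peer requested tunnel (\d+) twice"),
    "retries":     re.compile(r"Maximum retries exceeded for tunnel (\d+)"),
    "closed":      re.compile(r"Connection (\d+) closed to (\S+), port (\d+) \((\w+)\)"),
    "destroyed":   re.compile(r"Unable to deliver closing message for tunnel (\d+)"),
}
# Classic syslog prefix: "Mon DD HH:MM:SS host l2tpd: message"
SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) l2tpd: (.*)$")

# Constructed sample built from the post's log lines (first timestamp assumed).
SAMPLE_LOG = """\
Jan 13 12:19:40 hphighfield l2tpd: control_finish: Peer tried to disconnect with invalid TID (6 != 64199)
Jan 13 12:19:46 hphighfield l2tpd: control_finish: Peer requested tunnel 7 twice, ignoring second one.
Jan 13 12:19:47 hphighfield l2tpd: Maximum retries exceeded for tunnel 4587. Closing.
Jan 13 12:19:47 hphighfield l2tpd: Connection 7 closed to 220.127.116.11, port 1701 (Timeout)
Jan 13 12:19:52 hphighfield l2tpd: Unable to deliver closing message for tunnel 4587. Destroying anyway.
"""

def parse_l2tpd_events(text):
    """Return one dict per recognised l2tpd line: kind, timestamp, captured fields."""
    events = []
    for line in text.splitlines():
        m = SYSLOG.match(line.strip())
        if not m:
            continue
        stamp, _host, msg = m.groups()
        for kind, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit:
                events.append({"kind": kind, "time": stamp, "fields": hit.groups()})
                break
    return events

def stale_tunnel_reconnects(events):
    """Peer tunnel IDs that were requested twice and then closed on Timeout:
    the signature of a reconnect refused while the old tunnel is still held."""
    dup = {e["fields"][0] for e in events if e["kind"] == "dup_request"}
    return sorted(e["fields"][0] for e in events
                  if e["kind"] == "closed" and e["fields"][3] == "Timeout"
                  and e["fields"][0] in dup)

def tid_mismatches(events):
    """(received, expected) TID pairs from disconnects that l2tpd rejected."""
    return [tuple(int(x) for x in e["fields"]) for e in events if e["kind"] == "invalid_tid"]

if __name__ == "__main__":
    evs = parse_l2tpd_events(SAMPLE_LOG)
    print("stale reconnects:", stale_tunnel_reconnects(evs), "TID mismatches:", tid_mismatches(evs))
```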