cloudstack-users mailing list archives

From Tamas Monos <tam...@veber.co.uk>
Subject RE: VPN with CS 3.0.2
Date Fri, 25 May 2012 17:10:56 GMT
Hi,

I can get this far on the client side:

May 25 18:01:20.706 Starting xl2tpd: xl2tpd.
May 25 18:01:20.731 ipsec__plutorun: 002 added connection description "cloud"
May 25 18:01:20.828 104 "cloud" #1: STATE_MAIN_I1: initiate
May 25 18:01:20.828 003 "cloud" #1: ignoring unknown Vendor ID payload [4f45517b4f7f6e657a7b4351]
May 25 18:01:20.828 003 "cloud" #1: received Vendor ID payload [Dead Peer Detection]
May 25 18:01:20.828 003 "cloud" #1: received Vendor ID payload [RFC 3947] method set to=109
May 25 18:01:20.828 106 "cloud" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 25 18:01:20.829 003 "cloud" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
May 25 18:01:20.829 108 "cloud" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 25 18:01:20.829 003 "cloud" #1: received Vendor ID payload [CAN-IKEv2]
May 25 18:01:20.829 004 "cloud" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
May 25 18:01:20.829 117 "cloud" #2: STATE_QUICK_I1: initiate
May 25 18:01:20.829 004 "cloud" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x6dad627d <0x503f8ead xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May 25 18:01:20.833 xl2tpd[5252]: Connecting to host 217.168.x.y, port 1701
May 25 18:01:25.836 xl2tpd[5252]: Maximum retries exceeded for tunnel 2545.  Closing.
May 25 18:01:25.837 xl2tpd[5252]: Connection 0 closed to 217.168.x.y, port 1701 (Timeout)
May 25 18:01:30.842 xl2tpd[5252]: Unable to deliver closing message for tunnel 2545. Destroying anyway.

On the server side I get:

May 25 17:01:23 r-119-VM xl2tpd[9094]: control_finish: Peer requested tunnel 2545 twice, ignoring second one.
May 25 17:01:23 r-119-VM xl2tpd[9094]: control_finish: Peer requested tunnel 2545 twice, ignoring second one.
May 25 17:01:24 r-119-VM xl2tpd[9094]: control_finish: Peer requested tunnel 2545 twice, ignoring second one.
May 25 17:01:25 r-119-VM xl2tpd[9094]: control_finish: Peer requested tunnel 2545 twice, ignoring second one.
May 25 17:01:26 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
May 25 17:01:26 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
May 25 17:01:27 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
May 25 17:01:27 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
May 25 17:01:28 r-119-VM xl2tpd[9094]: Maximum retries exceeded for tunnel 20224.  Closing.
May 25 17:01:28 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
May 25 17:01:28 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
May 25 17:01:28 r-119-VM xl2tpd[9094]: Connection 2545 closed to 217.168.u.v, port 1701 (Timeout)
May 25 17:01:29 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
May 25 17:01:29 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
May 25 17:01:30 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
May 25 17:01:30 r-119-VM xl2tpd[9094]: handle_packet: bad control packet!
May 25 17:01:33 r-119-VM xl2tpd[9094]: Unable to deliver closing message for tunnel 20224. Destroying anyway.

I suspect a network problem between hosts on port 1701 but I don't see any outgoing attempts
in any direction via tcpdump on port 1701.
I'll play around a bit more.
If anyone has any ideas, welcome :)

Regards

Tamas Monos                                               DDI         +44(0)2034687012
Chief Technical                                             Office    +44(0)2034687000
Veber: The Hosting Specialists               Fax         +44(0)871 522 7057
http://www.veber.co.uk

Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost

-----Original Message-----
From: Tamas Monos [mailto:tamasm@veber.co.uk] 
Sent: 25 May 2012 12:13
To: cloudstack-users@incubator.apache.org
Subject: VPN with CS 3.0.2

Hi,

I have tried a few times with an earlier version to set up VPN.
I can get the tunnel up and see the ESP packets back and forth but I get no IP from the virtual
router (tunnel endpoint) so I can't send any traffic through the tunnel.
Any suggestions what I'm missing here?

Regards

Tamas Monos                                               DDI         +44(0)2034687012
Chief Technical                                             Office    +44(0)2034687000
Veber: The Hosting Specialists               Fax         +44(0)871 522 7057
http://www.veber.co.uk

Follow us on Twitter: www.twitter.com/veberhost
Follow us on Facebook: www.facebook.com/veberhost
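
Added example, not part of the original message: a small Python triage that correlates the client and server logs quoted above, reporting how far the L2TP/IPsec bring-up got and whether the server logged the tunnel ID the client timed out on. The function names, the verdict labels and the reading of xl2tpd's "Peer requested tunnel ... twice" line as a retransmitted request are assumptions of this example; the sample lines are abridged from the message.

```python
import re

# Constructed sample: lines abridged (and unwrapped) from the two logs quoted in the message.
CLIENT_LOG = """\
May 25 18:01:20.829 004 "cloud" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
May 25 18:01:20.829 004 "cloud" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x6dad627d <0x503f8ead xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May 25 18:01:20.833 xl2tpd[5252]: Connecting to host 217.168.x.y, port 1701
May 25 18:01:25.836 xl2tpd[5252]: Maximum retries exceeded for tunnel 2545.  Closing.
"""
SERVER_LOG = """\
May 25 17:01:23 r-119-VM xl2tpd[9094]: control_finish: Peer requested tunnel 2545 twice, ignoring second one.
May 25 17:01:26 r-119-VM xl2tpd[9094]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
"""

# Bring-up stages in order, each with the client log pattern showing it was reached.
STAGES = [
    ("ike_phase1", re.compile(r"STATE_MAIN_I4: ISAKMP SA established")),
    ("ipsec_sa", re.compile(r"STATE_QUICK_I2: .*IPsec SA established")),
    ("l2tp_start", re.compile(r"xl2tpd\[\d+\]: Connecting to host \S+ port 1701")),
]
CLIENT_TIMEOUT = re.compile(r"Maximum retries exceeded for tunnel (\d+)")
SERVER_DUPLICATE = re.compile(r"Peer requested tunnel (\d+) twice")

def last_stage_reached(client_log):
    """Return the last consecutive stage found in the client log, or None."""
    reached = None
    for name, pattern in STAGES:
        if not pattern.search(client_log):
            break
        reached = name
    return reached

def triage(client_log, server_log):
    """Correlate both logs and name the side of the L2TP exchange to inspect."""
    stage = last_stage_reached(client_log)
    timed_out = set(CLIENT_TIMEOUT.findall(client_log))
    shared = sorted(timed_out & set(SERVER_DUPLICATE.findall(server_log)))
    report = {"last_stage": stage, "shared_tunnel_ids": shared}
    if stage != "l2tp_start":
        report["verdict"] = "ipsec_incomplete"
    elif not timed_out:
        report["verdict"] = "no_l2tp_timeout"
    elif shared:
        # Assumed reading: the server logged the client's repeated request for this
        # tunnel ID, so requests arrive on UDP 1701 and the replies are what go missing.
        report["verdict"] = "server_sees_requests_client_gets_no_reply"
    else:
        report["verdict"] = "requests_not_seen_by_server"
    return report
```

Calling `triage(CLIENT_LOG, SERVER_LOG)` returns a dict with the last stage reached, the tunnel IDs present in both logs, and the verdict label.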


