# OpenSwan/xl2tpd not working

## lazloman

I'm trying to set up a VPN server using OpenSwan and xl2tpd. After getting everything configured and started, I tried to connect from a Mac client and got this error:

```
The L2TP-VPN server is not responding. Please check your settings
```

Using TCPDump, I can see UDP traffic across port 500, but nothing across port 1701. Looking in the logs on the Mac, I see this pair of messages:

```
9/26/10 9:54:21 PM   racoon[27]   IKE Packet: transmit success. (Initiator, Main-Mode message 1).
9/26/10 9:45:26 PM   racoon[27]   IKE Packet: receive failed. (malformed or unexpected cookie).
```

The pair repeats 3 times, before failing.

Nothing is logged anywhere in Linux, whether it be syslog or in the log file used by xl2tpd. I can't access my Linux box right now, so I'll post my config files later, but in the meantime, does anyone have an idea what might be wrong?

Thanks

----------

## lazloman

So, I think I was missing ipsec-tools, but when trying to install it, I get this error message:

```
 /usr/bin/install -c -m 644 racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h schedule.h sockmisc.h vmbuf.h isakmp_var.h isakmp.h isakmp_xauth.h isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/include/racoon'
/usr/bin/install: will not overwrite just-created `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/include/racoon/vmbuf.h' with `vmbuf.h'
libtool: install: /usr/bin/install -c plainrsa-gen /var/tmp/portage/net-firewall/ipsec-tools-0.7.2/image//usr/sbin/plainrsa-gen
make[4]: *** [install-include_racoonHEADERS] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[3]: *** [install-am] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src/racoon'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2/src'
make: *** [install-recursive] Error 1
 * ERROR: net-firewall/ipsec-tools-0.7.2 failed:
 *   (no error message)
 *
 * Call stack:
 *     ebuild.sh, line  54:  Called src_install
 *   environment, line 4149:  Called die
 * The specific snippet of code:
 *       emake DESTDIR="${D}" install || die;
 *
 * If you need support, post the output of 'emerge --info =net-firewall/ipsec-tools-0.7.2',
 * the complete build log and the output of 'emerge -pqv =net-firewall/ipsec-tools-0.7.2'.
 * The complete build log is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/environment'.
 * S: '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2'
>>> Failed to emerge net-firewall/ipsec-tools-0.7.2, Log file:
>>>  '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'
 * Messages for package net-firewall/ipsec-tools-0.7.2:
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * [XFRM_USER] Transformation user configuration interface is NOT enabled.
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * QA: You called linux_chkconfig_present before any linux_config_exists!
 * QA: The return value of linux_chkconfig_present will NOT gaurenteed later!
 * ERROR: net-firewall/ipsec-tools-0.7.2 failed:
 *   (no error message)
 *
 * Call stack:
 *     ebuild.sh, line  54:  Called src_install
 *   environment, line 4149:  Called die
 * The specific snippet of code:
 *       emake DESTDIR="${D}" install || die;
 *
 * If you need support, post the output of 'emerge --info =net-firewall/ipsec-tools-0.7.2',
 * the complete build log and the output of 'emerge -pqv =net-firewall/ipsec-tools-0.7.2'.
 * The complete build log is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/temp/environment'.
 * S: '/var/tmp/portage/net-firewall/ipsec-tools-0.7.2/work/ipsec-tools-0.7.2'
```

Any and all ideas welcome.

----------

## salahx

You don't need ipsec-tools. Openswan has everything you need.

The Mac OS IPsec is very silent and very picky, especially with certificate-based authentication.

----------

## lazloman

Thanks for the reply. I'll keep that in mind, but I can't even try to get ipsec started, much less connect a Mac client.

----------

