Cisco L2TP client not connecting over IPSEC


I've managed to bring up the IPsec tunnel between a Cisco router and libreswan on Linux in the AWS cloud. However, I'm unable to successfully connect L2TP over the tunnel. I'm behind ISP NAT, hence the 192.168.21.2 on the public interface, and the VPN IP is masked as Google's DNS for security reasons.

Oct  8 13:59:49.850: L2TP app   _____:00001002:XCON:
Oct  8 13:59:49.850: L2TP app   _____:00001002:XCON: APP->L2TP: activate,
Oct  8 13:59:49.850: L2TP app   _____:00001002:XCON:            client 00001002
Oct  8 13:59:49.850: L2TP app   _____:00001002:XCON:            app XCONNECT
Oct  8 13:59:49.850: L2TP app   _____:00001002:XCON:
Oct  8 13:59:49.850: L2TP       _____:________: Find cc between
Oct  8 13:59:49.850: L2TP       _____:________:   192.168.21.2<->8.8.8.8
Oct  8 13:59:49.850: L2TP       _____:________:   with class: l2tp_default_class
Oct  8 13:59:49.850: L2TP       _____:________:   and IP proto: L2TPoUDP
Oct  8 13:59:49.850: L2TP       _____:________:   and framing type: none
Oct  8 13:59:49.850: L2TP       _____:________:   and bearer type: none
Oct  8 13:59:49.850: L2TP       _____:________:   and version: V2
Oct  8 13:59:49.850: L2TP       _____:________:   and local hostname: my-router
Oct  8 13:59:49.850: L2TP       _____:________: Need to instigate control channel
Oct  8 13:59:49.850: L2X  tnl   0A484:________: Create logical tunnel
Oct  8 13:59:49.850: L2TP tnl   0A484:________: Create tunnel
Oct  8 13:59:49.850: L2TP tnl   0A484:________:     version set to V2
Oct  8 13:59:49.850: L2TP tnl   0A484:________:     remote ip set to 8.8.8.8
Oct  8 13:59:49.850: L2TP tnl   0A484:________:     local ip set to 192.168.21.2
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:     class name l2tp_default_class
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:     class name l2tp_default_class
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC ev App-Conn
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC    Idle->Wt-Sock
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC do App-Connect-Sock
Oct  8 13:59:49.850: L2TP app   0A484:00001002:XCON: Created
Oct  8 13:59:49.850: L2TP app   0A484:00001002:XCON:   App count now 1
Oct  8 13:59:49.850: L2X        _____:________: l2x_open_socket: is called
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: Open sock 192.168.21.2:1701->8.8.8.8:1701
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC ev Sock-Ready
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC    Wt-Sock->Wt-SCCRP
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC do Tx-SCCRQ
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: O SCCRQ to 8.8.8.8
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:  IETF v2:
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Protocol Version  1, Revision 0
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Framing Cap       none(0x0)
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Tie Breaker
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:     4D97AA489EC96DF5
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Firmware Ver      0x1130
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Hostname           "my-router"
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Vendor Name
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:      "Cisco Systems, Inc."
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Assigned Tunnel I 0x00002EF7 (12023)
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:   Recv Window Size  512
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:
Oct  8 13:59:50.850: L2TP tnl   0A484:00002EF7: O Resend SCCRQ, flg TLS, ver 2, len 113
Oct  8 13:59:52.850: L2TP tnl   0A484:00002EF7: O Resend SCCRQ, flg TLS, ver 2, len 113
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: Shutting down tunnel
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   With 1 app
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Result Code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     General error - refer to error code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Error Code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     Vendor specific
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Vendor Error
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     Tunnel shut
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Optional Message
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     "8.8.8.8 is unreachable"  (I'm able to reach the vpn server, all necessary ports are open as well. Not sure why this error is happening)
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC ev Shut
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC    Wt-SCCRP->Wt-STOPACK
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC do Tx-StopCCN-Error
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: Notify 1 app cc, FAILED
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON: APP<-L2TP: notify cc,
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:            client 00001002
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:            app XCONNECT
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:            FAILED
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:
Oct  8 13:59:56.850: L2TP       _____:________: L2TUN: app XCONNECT cc status
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC ev App-Disc
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC    in Wt-STOPACK
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC do App-Disc-Shut
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON: Destroyed
Oct  8 13:59:56.850: L2TP app   0A484:00001002:XCON:   App count now 0

I have one access list applied to the crypto map:

Extended IP access list 100
    10 permit udp host 192.168.21.2 eq 1701 host 8.8.8.8 eq 1701 (17765 matches)
Tags: cisco, ipsec, l2tp
asked on Stack Overflow Oct 8, 2019 by Duane Barker
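As an added example (not part of the question, and not Cisco or libreswan code), the following Python script parses the kind of `debug l2tp` control-channel trace shown above and turns it into findings a troubleshooter would want: the FSM transitions, how many times the SCCRQ went out without an SCCRP coming back, the StopCCN result/error/message values, and whether the crypto-map ACL actually selects the L2TP socket the router opened. The sample log is a constructed abridgement of the trace in the question; the `I <msg> from` format for inbound messages is an assumption, as is the `parse_debug`/`diagnose` naming.

```python
"""Parse Cisco 'debug l2tp' control-channel output and explain why a tunnel failed."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, abridged from the debug output in the question.
SAMPLE_LOG = """\
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC    Idle->Wt-Sock
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: Open sock 192.168.21.2:1701->8.8.8.8:1701
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: FSM-CC    Wt-Sock->Wt-SCCRP
Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7: O SCCRQ to 8.8.8.8
Oct  8 13:59:50.850: L2TP tnl   0A484:00002EF7: O Resend SCCRQ, flg TLS, ver 2, len 113
Oct  8 13:59:52.850: L2TP tnl   0A484:00002EF7: O Resend SCCRQ, flg TLS, ver 2, len 113
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: Shutting down tunnel
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Result Code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     General error - refer to error code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Error Code
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     Vendor specific
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:   Optional Message
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7:     "8.8.8.8 is unreachable"
Oct  8 13:59:56.850: L2TP tnl   0A484:00002EF7: FSM-CC    Wt-SCCRP->Wt-STOPACK
"""
# The crypto-map ACE from the question (constructed copy).
CRYPTO_ACL = "10 permit udp host 192.168.21.2 eq 1701 host 8.8.8.8 eq 1701"

# Strips "Oct  8 13:59:49.850: L2TP tnl   0A484:00002EF7:" style prefixes, keeping the time.
PREFIX_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d:\d\d:\d\d\.\d+):\s+L2(?:TP|X)\s+(?:app|tnl)?\s*"
    r"[0-9A-Fa-f_]+:[0-9A-Fa-f_]+:(?:XCON:)?(.*)$"
)
TRANS_RE = re.compile(r"^FSM-CC\s+(\S+)->(\S+)$")
SENT_RE = re.compile(r"^O (\w+) to ")
RESEND_RE = re.compile(r"^O Resend (\w+)")
RECV_RE = re.compile(r"^I (\w+) from ")  # assumed format for inbound control messages
SOCK_RE = re.compile(r"^Open sock (\S+):(\d+)->(\S+):(\d+)$")
ACL_RE = re.compile(r"^\d+\s+permit\s+udp\s+host\s+(\S+)\s+eq\s+(\d+)\s+host\s+(\S+)\s+eq\s+(\d+)")
VALUE_LABELS = {"Result Code": "result", "Error Code": "error", "Optional Message": "message"}


@dataclass
class ControlChannel:
    transitions: list = field(default_factory=list)
    sent: list = field(default_factory=list)
    received: list = field(default_factory=list)
    resends: int = 0
    socket: Optional[tuple] = None  # (src, sport, dst, dport)
    result: Optional[str] = None
    error: Optional[str] = None
    message: Optional[str] = None
    first_ts: Optional[str] = None
    last_ts: Optional[str] = None


def parse_debug(text: str) -> ControlChannel:
    cc = ControlChannel()
    pending = None  # attribute whose value the next line carries (Result Code etc.)
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue
        ts, body = m.group(1), m.group(2).strip()
        if not body:
            continue
        cc.first_ts = cc.first_ts or ts
        cc.last_ts = ts
        if pending:
            q = re.search(r'"([^"]*)"', body)
            setattr(cc, pending, q.group(1) if q else body)
            pending = None
        elif body in VALUE_LABELS:
            pending = VALUE_LABELS[body]
        elif (t := TRANS_RE.match(body)):
            cc.transitions.append((t.group(1), t.group(2)))
        elif (s := SENT_RE.match(body)):
            cc.sent.append(s.group(1))
        elif RESEND_RE.match(body):
            cc.resends += 1
        elif (r := RECV_RE.match(body)):
            cc.received.append(r.group(1))
        elif (k := SOCK_RE.match(body)):
            cc.socket = (k.group(1), int(k.group(2)), k.group(3), int(k.group(4)))
    return cc


def elapsed_seconds(cc: ControlChannel) -> float:
    """Seconds between the first and last trace line (same-day timestamps assumed)."""
    def secs(ts):
        h, m, s = ts.split(":")
        return int(h) * 3600 + int(m) * 60 + float(s)
    return round(secs(cc.last_ts) - secs(cc.first_ts), 3)


def crypto_acl_covers(acl_line: str, socket: tuple) -> bool:
    """True when a 'permit udp host A eq P host B eq Q' ACE matches the L2TP socket exactly."""
    m = ACL_RE.match(acl_line.strip())
    if not m:
        return False
    return (m.group(1), int(m.group(2)), m.group(3), int(m.group(4))) == socket


def diagnose(cc: ControlChannel, acl_line: str = CRYPTO_ACL) -> list:
    """Plain-language findings from the parsed control-channel trace."""
    findings = []
    if "SCCRQ" in cc.sent and "SCCRP" not in cc.received:
        findings.append(f"SCCRQ transmitted {1 + cc.resends} times over {elapsed_seconds(cc)}s "
                        "with no SCCRP: the peer never answered on UDP 1701")
    if cc.transitions and cc.transitions[-1][1] == "Wt-STOPACK":
        findings.append(f"tunnel torn down with StopCCN: result={cc.result!r}, "
                        f"error={cc.error!r}, message={cc.message!r}")
    if cc.socket and not crypto_acl_covers(acl_line, cc.socket):
        findings.append("crypto ACL does not select the L2TP socket, so its packets are not encrypted")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_debug(SAMPLE_LOG)):
        print("-", finding)
```

The ACL check is deliberately exact: the ACE in the question pins both source and destination port to 1701, so it only selects traffic when the router really opens 1701->1701, which the `Open sock` line confirms. The remaining question the trace cannot answer is what happens on the libreswan side, so the next step is to capture on the AWS host and confirm whether the SCCRQ arrives inside ESP and whether anything listens on UDP 1701 there.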

0 Answers
