I could not connect to my l2tp vpn. It took me some time to find the locations of the related logs. I opened /var/log/messages and found the xl2tpd error: “xl2tpd[xxxx]: Maximum retries exceeded for tunnel xxx. Closing.” Searching for the error message on Google, I got this post. According to the post, I should add the following lines to ipsec.conf. But this actually does not work. Issuing the command xl2tpd -D, I got this error:
IPsec SAref does not work with L2TP kernel mode yet, enabling force userspace=yes
setsockopt recvref: Protocol not available
The first error does not seem vital, but searching for the second error does not help in figuring out the cause. Since there are too few xl2tpd messages in the log file to help debug the problem, I want to turn on l2tp debug to get more information. How do I turn l2tp debug on? By searching Google, I first got to know how to turn ipsec debug on. The option is in /etc/ipsec.conf, where you need to add the following two lines under the “config setup” section:
I watched the log file while connecting to the l2tp vpn, but it seemed no related messages were generated for the failed connection. I do not know the mechanism of l2tp vpn. Maybe the error occurred before entering the ipsec phase.
There is also a debug option in /etc/xl2tpd/xl2tpd.conf and I turned it on:
ppp debug = yes