[Openswan Users] ipsec+l2tp vpn failed

xutingting t.t.xu at outsideheaven.com
Tue Sep 25 02:50:39 EDT 2012


Hi,

I have installed openswan-2.6.24 and xl2tpd on my VPS; I used yum to install 
xl2tpd. After installing and configuring, the VPN did not work. It showed error 
code 691, but the username and password were all correct.

I have checked the log.
=====================
log file:
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: ...Openswan IPsec stopped
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: NET: Registered protocol family 15
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: Starting Openswan IPsec U2.6.24/K2.6.18-308.11.1.el5xen...
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: Using NETKEY(XFRM) stack
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: ipv6 esp init: can't add xfrm type
Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: ipv6 ah init: can't add xfrm type
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: ...Openswan IPsec started
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 pluto: adjusting ipsec.d to /etc/ipsec.d
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets" line 1: index "%any:PSK" non-hex field in IPv6 numeric address
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets" line 1: index "yyuiGTH" does not look numeric and name lookup failed
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: unexpected end of id list
Sep 25 00:04:14 acf9f826-1201-4213-9ac7-2c1fc1579e88 auditd[1226]: Audit daemon rotating log files
================

The information of my ipsec.conf:
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=My server Ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

ipsec.secrets:
My server Ip %any:PSK yyuiGTH

Thanks for any help.
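
The three "/etc/ipsec.secrets" errors in the log above are tokenizer errors: per ipsec.secrets(5) the index list ends at a colon followed by whitespace, so "%any:PSK" is read as a single index. The following is an added example, not part of the original post or of Openswan, that checks one PSK entry for this; the function name lint_psk_line and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Secret forms accepted after the PSK keyword: one double-quoted string,
# or unquoted data with a 0x (hex), 0s (base64) or 0t (text) prefix.
_SECRET = re.compile(r'"[^"\n]*"|0[xXsStT]\S+')


def lint_psk_line(line):
    """Return a list of problems found in one ipsec.secrets PSK entry."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []
    # Split on whitespace, keeping a double-quoted string as one token.
    tokens = re.findall(r'"[^"]*"|\S+', text)
    problems = []
    # The index list ends at the first token that is, or ends with, ':'.
    sep = next((i for i, t in enumerate(tokens) if t.endswith(":")), None)
    if sep is not None:
        rest = tokens[sep + 1:]
    else:
        # A colon glued to the keyword stays inside the index token, which
        # is then parsed as an address (colons are legal in IPv6 indices).
        fused = next((i for i, t in enumerate(tokens)
                      if not t.startswith('"') and ":PSK" in t), None)
        if fused is None:
            return ["no ':' separator found after the index list"]
        problems.append(f"no whitespace after ':' in {tokens[fused]!r}; "
                        "the whole token is read as an index")
        # Continue as if the colon had been spaced, to check the secret too.
        rest = [tokens[fused].rpartition(":")[2]] + tokens[fused + 1:]
    if not rest or rest[0] != "PSK":
        problems.append("expected keyword PSK after the ':' separator")
    elif len(rest) != 2 or not _SECRET.fullmatch(rest[1]):
        problems.append("secret must be one double-quoted string "
                        "or 0x/0s/0t prefixed data")
    return problems


if __name__ == "__main__":
    # Constructed sample lines; 192.0.2.10 is a documentation address.
    for sample in ('192.0.2.10 %any:PSK yyuiGTH',
                   '192.0.2.10 %any: PSK "yyuiGTH"'):
        print(sample, "->", lint_psk_line(sample) or "ok")
```

This only covers the ipsec.secrets parse errors shown in the log; it does not examine the xl2tpd or PPP side of the setup.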


