<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#333333">
Hi,<br>
<br>
Here it is my ipsec verify command results :<br>
<br>
root@integration:~# ipsec verify<br>
Checking your system to see if IPsec got installed and started
correctly:<br>
Version check and ipsec on-path [OK]<br>
Linux Openswan U2.4.7/K2.6.18.3dedibox_r6_final (netkey)<br>
Checking for IPsec support in kernel [OK]<br>
NETKEY detected, testing for disabled ICMP send_redirects [OK]<br>
NETKEY detected, testing for disabled ICMP accept_redirects [OK]<br>
Checking for RSA private key (/etc/ipsec.secrets)
[DISABLED]<br>
ipsec showhostkey: no default key in "/etc/ipsec.secrets"<br>
Checking that pluto is running [OK]<br>
Checking for 'ip' command [OK]<br>
Checking for 'iptables' command [OK]<br>
Opportunistic Encryption Support
[DISABLED]<br>
<br>
Any idea to activate Internet on vpn l2tpd clients ?<br>
<br>
Paul Wouters a écrit :
<blockquote
cite="midPine.LNX.4.64.0611280613520.11210@tla.xelerance.com"
type="cite">
<pre wrap="">On Tue, 28 Nov 2006, Reza ISSANY wrote:
</pre>
<blockquote type="cite">
<pre wrap="">When I initiate a connection, I have a ppp0 that appears.
The connection works : I can ping the remote l2tpd gateway, remote DNS server,
but I can not access to internet.
I'll try tomorrow to do a tcpdump. Do I have to add any routes to activate
internet
to remote clients ?
</pre>
</blockquote>
<pre wrap=""><!---->
run ipsec verify on the server. Check forwarding, check for bogus redirects, check
for firewall rules, check for NAT, and check if the gateway can reach the internet
on its "l2tp pool" IP address using 'ping -I sourceip <a class="moz-txt-link-abbreviated" href="http://www.google.com">www.google.com</a>'
Paul
</pre>
<blockquote type="cite">
<pre wrap="">thanks for your help.
azer.
Paul Wouters a écrit :
</pre>
<blockquote type="cite">
<pre wrap="">On Mon, 27 Nov 2006, Reza ISSANY wrote:
</pre>
<blockquote type="cite">
<pre wrap="">No, this is my config :
</pre>
</blockquote>
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap=""># basic configuration
config setup
interfaces="ipsec0=eth0"
nat_traversal=yes
virtual_private=%v4:!172.16.7.0/16,%v4:192.168.7.0/24
klipsdebug=none
plutodebug=all
</pre>
</blockquote>
<pre wrap="">disable that plutodebug line.
</pre>
<blockquote type="cite">
<pre wrap="">conn %default
left=88.191.35.181
# Add connections here
conn xp
keyingtries=1
compress=no
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
leftcert=integration.pem
leftprotoport=17/1701
leftnexthop=88.191.35.1
right=%any
rightca=%same
rightprotoport=17/1701
rightsubnet=vhost:%no,%priv
pfs=no
auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
</pre>
</blockquote>
<pre wrap="">Ok, so you are trying to use l2tp. Check the logs. do you get an IPsec SA
established?
If not, the IPsec part is not working.
If you do, the next step is to check the server for ppp interfaces. If you
don't get one,
the L2TP part is not working.
If you do ge ta ppp interfaces, then check Windows to see if you got an
interfaces there.
If you did. Try and ping the gateway. If that works, ping something else and
tcpdump
the packets on the gateway to see if you have a routing/firewall issue.
Paul
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
</body>
</html>