<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
Hi all,<br>I'm working on a thesis project , and i need to create a VPN roadwarrior connection for my University Department's LAN.<br>This is the configuration<br>SERVER:Linux Debian 2.4.6 with Openswan 2.4(netkey),l2tpd 0.69 and pppd2.4.3, not NATted, public ip: 141.250.40.34.(attila.diei.unipg.it).<br>CLIENT: Linux Ubuntu, 2.6 with Openswan 2.4(netkey),xl2tpd 1.1 and pppd2.4.4, NATted, provate ip10.1.1.16, gateway 10.1.1.1<br>I have to astablish a vpn connection with the server machine and give to the warriors the VIRTUAL IP addresses within the pool 141.250.40.51 - 141.250.40.52<br><br>I'm working on it from over one month, but without luck.<br>At the moment I can establish a tunnel between the two end point(this is what ipsec says), but i can't ping each-other.<br>Plus I can't start a right l2tpd connection for virtual ip assigning.<br>Once the IPsec tunnel is up, and startup the l2tpd server by #/etc/init.d/l2tpd start<br>At this time i need to start the xl2tpd daemon in the client machine, but I can't do it, because I can't find the right command. Googling I've found several ways that should do it:<br>1) #/etc/init.d/xl2tpd start<br>2)#/usr/sbin/xl2tpd -D<br>3)#echo "c <xl2tpd connection name>" > /var/run/xl2tpd"l2tp-control (If I want to use this command, I need to create the folder and l2tp-control file before).<br>When I try to startup the xl2tpd connection, nothing happen. Even sniffing with tcpdump I can't see any packets (except the isakmp-nat-keep-alive pachets between the two end-points).<br>I can't really understand what I have to do.<br>Can you help me some way?<br>Here's all the configuration file of CLIENT and SERVER.<br>============================================<br><span style="font-weight: bold;">ipsec.conf of the client</span><br>config setup<br> interfaces=%defaultroute<br> klipsdebug=none<br> plutodebug=none<br> nat_traversal=yes<br>conn Prova<br> left=141.250.40.34 <br> right=%defaultroute<br> rightnexthop=10.1.1.1<br> auto=start<br> authby=secret<br> leftprotoport=17/1701<br> rightprotoport=17/1701<br><br><span style="font-weight: bold;">ipsec.conf of the server</span><br><br>config setup<br> interfaces=%defaultroute<br> nat_traversal=yes<br> virtual_private=%v4:192.168.0.0/16,%v4:10.1.0.0/16<br> klipsdebug=none<br> plutodebug=none<br> <br>conn prova<br> left=%defaultroute<br> leftnexthop=141.250.40.30<br> right=%any<br> rightsubnet=vhost:%no,%priv<br> rightprotoport=17/1701<br> leftprotoport=17/1701<br> authby=secret<br> type=tunnel<br> auto=start<br>=================================================<br><span style="font-weight: bold;">xl2tpd.conf of the clien</span>t<br><br>[global] <br> port = 1701 <br> access control = no<br> <br> [lac Eugenio_prova] <br> lns = 141.250.40.34 <br> redial = yes <br> require chap = yes <br> refuse pap = yes <br> name = warrior <br> pppoptfile = /etc/ppp/options.l2tpd.lac<br><br><span style="font-weight: bold;">l2tpd.conf of the server</span> <br><br> [global] <br> port = 1701 <br> access control = no <br> <br> [lns default] <br> ip range = 141.250.40.51 - 141.250.40.52 <br> local ip = 141.250.40.56 <br> length bit = yes <br> require chap = yes <br> refuse pap = yes <br> name = server_diei <br> pppoptfile=/etc/ppp/options.l2tpd.lns<br>=====================================<br><span style="font-weight: bold;">options.xl2tpd.lac of the client</span><br><br>ipcp-accept-local<br>ipcp-accept-remote<br>refuse-eap<br>noccp<br>noauth<br>crtscts<br>idle 1800<br>mtu 1410<br>mru 1410<br>nodefaultroute<br>debug<br>lock<br>proxyarp<br>connect-delay 5000<br><br><span style="font-weight: bold;">options.l2tpd.lns of the server</span><br><br>ipcp-accept-remote<br>ipcp-accept-local<br>asyncmap 0<br>#auth<br>crtscts<br>lock<br>hide-password<br>modem<br>proxyarp<br>lcp-echo-interval 30<br>lcp-echo-failure 4<br>ipcp-accept-local<br>ipcp-accept-remote<br>=========================================<br><br><span style="font-weight: bold;">chap-secret of the client</span><br><br>#client server secret IP addresses<br>warrior server_diei "*********" *<br><br><span style="font-weight: bold;">chap-secret of the server</span><br><br># client server secret IP addresses<br><br>warrior * "pppsecret" 141.250.40.51<br>* server_diei "pppsecret" 141.250.40.51<br><br>In order to skip complicated configuration, I tried to use WinXP Service Pack 2 following the Jacco's networking stuff on th web, but without luck.<br>Here's my auth.log file (client side)<br><br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: initiating Main Mode<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: ignoring unknown Vendor ID payload [4f456c4c4f5d5264574e5244]<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: received Vendor ID payload [Dead Peer Detection]<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: received Vendor ID payload [RFC 3947] method set to=109 <br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: I did not send a certificate because I do not have one.<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: Main mode peer ID is ID_IPV4_ADDR: '141.250.40.34'<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Sep 16 17:07:44 eugenio-laptop pluto[12568]: "Prova" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9f7bc26c <0x4fa27949 xfrm=AES_0-HMAC_SHA1 NATD=141.250.40.34:4500 DPD=none}<br><br><br>When I try to startup xl2tpd , this is what happen<br><br>xl2tpd[12809]: xl2tpd version xl2tpd-1.1.12 started on eugenio-laptop PID:12809<br>xl2tpd[12809]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.<br>xl2tpd[12809]: Forked by Scott Balmos and David Stipp, (C) 2001<br>xl2tpd[12809]: Inherited by Jeff McAdams, (C) 2002<br>xl2tpd[12809]: Forked again by Xelerance (www.xelerance.com) (C) 2006<br>xl2tpd[12809]: Listening on IP address 0.0.0.0, port 1701<br> [ctrl+c]<br>^Vxl2tpd[12809]: death_handler: Fatal signal 2 received<br>.<br>I really hope somebody can help me, because I've no idea where I'm wrong.<br><br>Thank you all in advance.<br>Eugenio.<br><br /><hr />Crosswire, il gioco delle relazioni. <a href='http://livesearch.games.msn.com/crosswire/play_it/' target='_new'>Sei pronto per la sfida?</a></body>
</html>