<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=big5">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:·s²Ó©úÅé;
        panose-1:2 2 3 0 0 0 0 0 0 0;}
@font-face
        {font-family:"\@·s²Ó©úÅé";
        panose-1:2 2 3 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;
        layout-grid:18.0pt;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:305085469;
        mso-list-type:hybrid;
        mso-list-template-ids:-77575996 1439188394 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:18.0pt;
        mso-level-number-position:left;
        margin-left:18.0pt;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-tab-stop:108.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level4
        {mso-level-tab-stop:144.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-tab-stop:180.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-tab-stop:216.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level7
        {mso-level-tab-stop:252.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-tab-stop:288.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-tab-stop:324.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l1
        {mso-list-id:1091048525;
        mso-list-template-ids:203216700;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:„h;
        mso-level-tab-stop:36.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>
</head>
<body lang=ZH-TW link=blue vlink=purple style='text-justify-trim:punctuation'>
<div class=Section1 style='layout-grid:18.0pt'>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Hi, all<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>My goal is to set up an Openswan
server with L2TP/IPsec connections for iPhone and Windows Mobile clients, using
kernel NETKEY and a preshared key, with the client behind NAT. The installed packages
on my Linux box are: Kernel 2.6.18; Openswan 2.4.14; xl2tpd
1.2.4 and pppd 2.4.4.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>I have tested Windows
Mobile 5.0, 6.0 and 6.1; they are all working fine.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Then I followed <a
href="http://www.jacco2.dds.nl/networking/freeswan-panther.html">http://www.jacco2.dds.nl/networking/freeswan-panther.html</a>
to configure the iPhone as follows:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>Select "General"
-> "Network" -> "<a
href="http://versatile.vox.com/library/photo/6a00c2251df8cb604a00e398a9d6b90001.html">VPN</a>"
and then tap "Settings".<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'><a
href="http://edge.macworld.com/2007/07/images/content/security3.jpg">Select
"L2TP"</a>. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>Enter the L2TP/IPsec
server's address. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>Tap "Account"
and enter your username (for user authentication in the PPP phase of the VPN). <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>Tap "Secret" and
enter your Preshared Key (for IPsec authentication). <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>Tap "Save" in
the upper right corner<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>But it is strange that, for the
iPhone under the same config, I can see the IPsec SA established from
ipsec barf and see that the tunnel is up from the ipsec setup --status command. However, the iPhone
shows a VPN server problem and no connection has been set up. I checked
/var/log/messages but found nothing about xl2tpd or pppd. </span></font><font
size=2 face=·s²Ó©úÅé><span lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'>I
think there must be something wrong with l2tp/ppp, but I have no idea how to find
and solve it. If anyone can provide </span></font><font size=2
face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>any helpful
suggestion, it will be appreciated.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=·s²Ó©úÅé><span
lang=EN-US style='font-size:10.0pt;font-family:·s²Ó©úÅé'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Thanks in advance <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>Jimmy <font color=navy><span
style='color:navy'><o:p></o:p></span></font></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 color=navy
face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial;
color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 color=navy
face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial;
color:navy'>------------------ Here is my ipsec.conf<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>config setup<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> nat_traversal=yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> virtual_private=%v4:192.168.0.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> nhelpers=0<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>conn L2TP-PSK-NAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> rightsubnet=vhost:%priv,%no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> also=L2TP-PSK-noNAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>conn
L2TP-PSK-noNAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> authby=secret<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> pfs=no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> keyingtries=3<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #
we cannot rekey for %any, let client rekey<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> rekey=no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> type=transport<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #left=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> left=10.144.134.202<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
leftnexthop=10.144.134.254<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
leftprotoport=17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #
The remote user.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> #<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> right=%any<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'> rightprotoport=17/%any<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>-----Here is xl2tpd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
style='font-size:9.0pt;font-family:"Courier New"'>[global]<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; listen-addr =
192.168.1.98<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; requires
openswan-3.1 or higher<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; ipsec saref =
yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; debug tunnel =
yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; auth
file=/etc/ppp/chap-secrets<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>[lns default]<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ip range =
192.168.1.128-192.168.1.253<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>local ip =
192.168.1.100<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require chap = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>refuse pap = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require
authentication = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>name = vpnserver<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ppp debug = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>pppoptfile =
/etc/ppp/options.xl2tpd<o:p></o:p></span></font></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0cm 0cm 1.0pt 0cm'>
<p class=MsoNormal style='text-autospace:none;border:none;padding:0cm'><font
size=1 face="Courier New"><span lang=EN-US style='font-size:9.0pt;font-family:
"Courier New"'>length bit = yes<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>------- here is my
options.xl2tpd<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ipcp-accept-local<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ipcp-accept-remote<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require-mschap-v2<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>noccp<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>auth<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>crtscts<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>idle 1800<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>mtu 1200<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>mru 1200<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>nodefaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>debug<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>lock<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>proxyarp<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>connect-delay 5000<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>logfile
/var/log/xl2tpd.log<o:p></o:p></span></font></p>
</div>
</body>
</html>