<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=big5">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="chsdate"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:新細明體;
panose-1:2 2 3 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@新細明體";
panose-1:2 2 3 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:Arial;
color:navy;}
span.EmailStyle19
{mso-style-type:personal;
font-family:Arial;
color:navy;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
layout-grid:18.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=ZH-TW link=blue vlink=purple style='text-justify-trim:punctuation'>
<div class=Section1 style='layout-grid:18.0pt'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Hi, all<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>My goal is to setup
openswan server with l2tp/ipsec connection for iphone and windows mobile clients,
using kernel netkey, preshared key <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>and client is behind NAT.
The installed packages in my linux box are: Kernel <st1:chsdate
IsROCDate="False" IsLunarDate="False" Day="30" Month="12" Year="1899" w:st="on">2.6.18</st1:chsdate>
;Openswan 2.4.14;Xl2tpd 1.2.4 and Pppd <st1:chsdate IsROCDate="False"
IsLunarDate="False" Day="30" Month="12" Year="1899" w:st="on">2.4.4</st1:chsdate>
.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>I have tested windows
mobile 5.0 , 6.0 and 6.1 , they are all working fine.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Then I followed
“http://www.jacco2.dds.nl/networking/freeswan-panther.html” to config iphone as
follows<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Select "General"
-> "Network" -> </span></font><font size=2 color=navy
face=新細明體><span style='font-size:10.0pt;font-family:新細明體;color:navy'>“<span
lang=EN-US>VPN</span>”</span></font><font size=2 face=新細明體><span lang=EN-US
style='font-size:10.0pt;font-family:新細明體'> and then tap "Settings".<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Select "L2TP</span></font><font
size=2 color=navy face=新細明體><span style='font-size:10.0pt;font-family:新細明體;
color:navy'>”</span></font><font size=2 face=新細明體><span lang=EN-US
style='font-size:10.0pt;font-family:新細明體'>. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Enter the L2TP/IPsec
server's address. <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Tap "Account"
and enter your username (for user authentication in the PPP phase of the VPN). <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Tap "Secret" and
enter your Preshared Key (for IPsec authentication). <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'>Tap "Save" in
the upper right corner<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>But it is strange for
iphone that , under the same config , I can see the IPsec SA established
from ipsec barf and see tunnel has been up<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'> from ipsec setup
–status command. However iphone shows VPN server problem and no connection has
been setup. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>I checked
/var/log/messages but found nothing about xl2tpd or pppd.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'> </span></font><font
size=2 face=新細明體><span lang=EN-US style='font-size:10.0pt;font-family:新細明體'>I
think there must be something wrong with l2tp/ppp, but no idea to find
and solve it. <font color=navy><span style='color:navy'><o:p></o:p></span></font></span></font></p>
<p class=MsoNormal><font size=2 face=新細明體><span lang=EN-US style='font-size:
10.0pt;font-family:新細明體'> If anyone can provide </span></font><font
size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>any
helpful suggestion, will be appreciated.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:20.0pt'><font size=2 face=新細明體><span
lang=EN-US style='font-size:10.0pt;font-family:新細明體'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Thanks in advance <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>Jimmy <font color=navy><span
style='color:navy'><o:p></o:p></span></font></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 color=navy
face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial;
color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 color=navy
face=Arial><span lang=EN-US style='font-size:9.0pt;font-family:Arial;
color:navy'>------------------ Here is my ipsec.conf<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>config setup<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
nat_traversal=yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
virtual_private=%v4:192.168.0.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
nhelpers=0<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>conn L2TP-PSK-NAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
rightsubnet=vhost:%priv,%no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
also=L2TP-PSK-noNAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>conn
L2TP-PSK-noNAT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
authby=secret<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
pfs=no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
keyingtries=3<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
# we cannot rekey for %any, let client rekey<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
rekey=no<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
type=transport<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
#<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
#left=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
left=10.144.134.202<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
leftnexthop=10.144.134.254<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
leftprotoport=17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
#<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
# The remote user.<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
#<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
right=%any<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>
rightprotoport=17/%any<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>-----Here is
xl2tpd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>[global]<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; listen-addr =
192.168.1.98<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; requires
openswan-3.1 or higher<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; ipsec saref =
yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; debug tunnel =
yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>; auth
file=/etc/ppp/chap-secrets<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>[lns default]<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ip range =
192.168.1.128-192.168.1.253<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>local ip =
192.168.1.100<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require chap = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>refuse pap = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require
authentication = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>name = vpnserver<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ppp debug = yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>pppoptfile =
/etc/ppp/options.xl2tpd<o:p></o:p></span></font></p>
<div style='border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm'>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>length bit = yes<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>------- here is my
options.xl2tpd<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ipcp-accept-local<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>ipcp-accept-remote<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>require-mschap-v2<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>noccp<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>auth<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>crtscts<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>idle 1800<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>mtu 1200<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>mru 1200<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>nodefaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>debug<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>lock<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>proxyarp<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>connect-delay 5000<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face="Courier New"><span
lang=EN-US style='font-size:9.0pt;font-family:"Courier New"'>logfile
/var/log/xl2tpd.log<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
</div>
</body>
</html>