I already download the newest tar.gz, and make programs install , but I couldn&#39;t connect from the client this time, no response from the server seems(not the iptable problem)<div>xl2tp : 1.25 </div><div>centos 5.3</div>
<div>xen virtual machine</div><div><br></div><div>it&#39;s working when I use the openswan 2.6.24 rpm</div><meta charset="utf-8"><div><br></div><div><br></div><div>this is the results</div><div><br><div><div>ipsec verify</div>
<div>Checking your system to see if IPsec got installed and started correctly:</div><div>Version check and ipsec on-path                             <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div>
Linux Openswan U2.6.32/K2.6.26-2-xen-amd64 (netkey)</div><div>Checking for IPsec support in kernel                        <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div> SAref kernel support                                       <span class="Apple-tab-span" style="white-space:pre">        </span>[N/A]</div>
<div> NETKEY:  Testing for disabled ICMP send_redirects          <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div>NETKEY detected, testing for disabled ICMP accept_redirects <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div>
<div>Checking that pluto is running                              <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div> Pluto listening for IKE on udp 500                         <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div>
<div> Pluto listening for NAT-T on udp 4500                      <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div>Checking for &#39;ip&#39; command                                   <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div>
<div>Checking /bin/sh is not /bin/dash                           <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div><div>Checking for &#39;iptables&#39; command                             <span class="Apple-tab-span" style="white-space:pre">        </span>[OK]</div>
<div>Opportunistic Encryption Support                            <span class="Apple-tab-span" style="white-space:pre">        </span>[DISABLED]</div><div><br></div><div><br></div><div>ipsec.conf </div><div><div>version 2.0     # conforms to second version of ipsec.conf specification</div>
<div><br></div><div># basic configuration</div><div>config setup</div><div>        # Debug-logging controls:  &quot;none&quot; for (almost) none, &quot;all&quot; for lots.</div><div>        # klipsdebug=none</div><div>        # plutodebug=&quot;control parsing&quot;</div>
<div>        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey</div><div>        protostack=netkey</div><div>        nat_traversal=yes</div><div>        virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12</a></div>
<div>        oe=off</div><div>        # Enable this if you see &quot;failed to find any available worker&quot;</div><div>        nhelpers=0</div><div><br></div><div>#You may put your configuration (.conf) file in the &quot;/etc/ipsec.d/&quot; and uncomment this.</div>
<div>include /etc/ipsec.d/*.conf</div></div><div><br></div><div><br></div><div><div>conn L2TP-PSK-NAT</div><div>        overlapip=yes</div><div>        rightsubnet=vhost:%priv</div><div>        also=L2TP-PSK-noNAT</div><div>
<br></div><div>conn L2TP-PSK-noNAT</div><div>        authby=secret</div><div>        pfs=no</div><div>        auto=add</div><div>#       keyingtries=3</div><div>        rekey=no</div><div>        ikelifetime=8h</div><div>
        keylife=1h</div><div>        type=transport</div><div>        left=my server ip</div><div>        leftprotoport=17/1701</div><div>        right=%any</div><div>        rightprotoport=17/%any</div><div>        dpddelay=20</div>
<div>        dpdtimeout=60</div><div>        dpdaction=clear</div></div><div><br></div><div class="gmail_quote">On Tue, Dec 28, 2010 at 10:47 AM, Paul Wouters <span dir="ltr">&lt;<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Tue, 28 Dec 2010, Spacelee wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This is my version, should I use the newest one?<br>
<br>
ipsec --version<br>
Linux Openswan U2.6.24rc5/K2.6.26-2-xen-amd64 (netkey)<br>
</blockquote>
<br></div>
That&#39;s an &quot;rc&quot;, a &quot;release candidate&quot;. Yes you should upgrade to the latest<br>
full release, 2.6.32.<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><div><b>Space Lee</b></div><br>
</div></div>