<div dir="ltr">Hello Sir,<br><br><br>These are the /var/log/debug messages.<br><br><span style="color: rgb(0, 0, 102);">Jun 7 15:42:39 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 1 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:42:51 cloud-enjay last message repeated 3 times</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:42:57 cloud-enjay xl2tpd[21564]: Unable to deliver closing message for tunnel 41984. Destroying anyway. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:43:01 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 1 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:44:14 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 2 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:44:27 cloud-enjay last message repeated 3 times</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:44:32 cloud-enjay xl2tpd[21564]: Unable to deliver closing message for tunnel 44982. Destroying anyway. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:44:37 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 2 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:45:50 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 3 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:45:55 cloud-enjay last message repeated 2 times</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:46:00 cloud-enjay xl2tpd[21564]: Unable to deliver closing message for tunnel 33914. Destroying anyway. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:46:03 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 3 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:47:25 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 4 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:47:26 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 4 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:47:30 cloud-enjay xl2tpd[21564]: Unable to deliver closing message for tunnel 32276. Destroying anyway. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:47:30 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 4 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Jun 7 15:47:35 cloud-enjay xl2tpd[21564]: Unable to deliver closing message for tunnel 45173. Destroying anyway. </span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Jun 7 15:47:38 cloud-enjay xl2tpd[21564]: control_finish: Peer requested tunnel 4 twice, ignoring second one. </span><br style="color: rgb(0, 0, 102);"><br><br>Please help me; the VPN server is not able to connect.<br>
<br>Is any error coming?<br><br><br><br><div class="gmail_quote">On Fri, Jun 3, 2011 at 4:09 PM, <span dir="ltr"><<a href="mailto:users-request@openswan.org">users-request@openswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Today's Topics:<br>
<br>
1. Re: Error in OPENSWAN with XL2TP (Willie Gillespie)<br>
2. Re: openswan installation (Özgür Uncuoğlu (WEBSAHİBİ))<br>
3. Re: openswan installation (Özgür Uncuoğlu (WEBSAHİBİ))<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 02 Jun 2011 11:48:07 -0600<br>
From: Willie Gillespie <<a href="mailto:wgillespie%2Bopenswan@es2eng.com">wgillespie+openswan@es2eng.com</a>><br>
Subject: Re: [Openswan Users] Error in OPENSWAN with XL2TP<br>
To: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Message-ID: <<a href="mailto:4DE7CCD7.8070107@es2eng.com">4DE7CCD7.8070107@es2eng.com</a>><br>
Content-Type: text/plain; charset=UTF-8; format=flowed<br>
<br>
I don't see any real errors here. The message you are seeing when<br>
starting xl2tpd is more of an informational/warning. It doesn't require<br>
kernel L2TP to work. My guess is that the client is connecting, but<br>
then closing things down.<br>
<br>
The IPsec part is working. Maybe turn on debugging in<br>
/etc/xl2tpd/xl2tpd.conf with ppp debug = yes<br>
Then look at /var/log/debug and see if anything sticks out to you.<br>
<br>
Willie<br>
<br>
On 6/2/2011 2:10 AM, heta shah wrote:<br>
> Hello Sir,<br>
><br>
> Please help me regarding IPSEC with L2TP. I have configured OPENSWAN with<br>
> L2TP. When I am trying to connect to the server from a NATed site, it is showing<br>
> this error on the server side.<br>
> My server is Ubuntu 9.10 server edition with kernel 2.6.28-11-server<br>
><br>
><br>
><br>
><br>
> Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #14: peer client type is FQDN<br>
> Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #14: Applying workaround for MS-818043 NAT-T bug<br>
> Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #14: IDci was FQDN: t\307\251-, using<br>
> NAT_OA=192.168.1.35/32 as IDci<br>
> Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #14: the peer proposed: 116.199.169.45/32:17/1701<br>
> -> 192.168.1.35/32:17/0<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: responding to Quick Mode proposal {msgid:314343e9}<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: them: 117.196.10.91[@2k3test.enjay.com,+S=C]:17/1701===?<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: transition from state STATE_QUICK_R0 to state<br>
> STATE_QUICK_R1<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,<br>
> expecting QI2<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: transition from state STATE_QUICK_R1 to state<br>
> STATE_QUICK_R2<br>
> Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]<br>
> 117.196.10.91 #15: STATE_QUICK_R2: IPsec SA established transport mode<br>
> {ESP=>0x8b28bcad <0xa93368e1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35<br>
> NATD=117.196.10.91:4500 DPD=none}<br>
> Jun 2 13:34:36 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]<br>
> 117.196.10.91 #18: received Delete SA(0x8b9e0884) payload: deleting<br>
> IPSEC State #19<br>
> Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]<br>
> 117.196.10.91 #18: received and ignored informational message<br>
> Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]<br>
> 117.196.10.91 #18: received Delete SA payload: deleting ISAKMP State #18<br>
> Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]<br>
> 117.196.10.91: deleting connection "L2TP-PSK-NAT"<br>
> instance with peer 117.196.10.91 {isakmp=#0/ipsec=#0}<br>
> Jun 2 13:34:37 cloud-enjay pluto[2638]: packet from 117.196.10.91:4500:<br>
> received and ignored informational message<br>
><br>
><br>
> when I am starting the XL2TP service it gives this error.<br>
><br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24455]: setsockopt recvref[22]:<br>
> Protocol not available<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24455]: This binary does not support<br>
> kernel L2TP.<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: xl2tpd version xl2tpd-1.2.4<br>
> started on cloud-enjay PID:24456<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Written by Mark Spencer,<br>
> Copyright (C) 1998, Adtran, Inc.<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Forked by Scott Balmos and<br>
> David Stipp, (C) 2001<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Inherited by Jeff McAdams,<br>
> (C) 2002<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Forked again by Xelerance<br>
> (www.xelerance.com) (C) 2006<br>
> Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Listening on IP address<br>
> 0.0.0.0, port 1701<br>
><br>
> Please help me if anyone knows about it.<br>
> --<br>
> Thanks and Regards.<br>
><br>
> Heta Shah<br>
> 91-9662505876<br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
> <a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 3 Jun 2011 09:58:15 +0300<br>
From: Özgür Uncuoğlu (WEBSAHİBİ) <<a href="mailto:ozgur@websahibi.com">ozgur@websahibi.com</a>><br>
Subject: Re: [Openswan Users] openswan installation<br>
To: Özgür Uncuoğlu (WEBSAHİBİ) <<a href="mailto:ozgur@websahibi.com">ozgur@websahibi.com</a>>, Paul Wouters<br>
<<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>><br>
Cc: "<a href="mailto:users@openswan.org">users@openswan.org</a>" <<a href="mailto:users@openswan.org">users@openswan.org</a>><br>
Message-ID:<br>
<<a href="mailto:49D3A14667636144913116095AD8A6966F6FD727D7@WEBSAHIBISRV.websahibi.com">49D3A14667636144913116095AD8A6966F6FD727D7@WEBSAHIBISRV.websahibi.com</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
After a few days, I completed the installation.<br>
<br>
This is my xl2tpd/openswan installation under debian 6 and it's really working.<br>
<br>
Debian 6 /2.6.32-5-686<br>
Openswan 2.6.28+dfsg-5<br>
Xl2tpd 1.2.7+dfsg-1<br>
<br>
<br>
-------------/etc/ipsec.conf--------------------<br>
<br>
version 2.0 # conforms to second version of ipsec.conf specification<br>
<br>
# basic configuration (parameter lines in a section are indented, with no empty lines between them)<br>
config setup<br>
    nat_traversal=yes<br>
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>
    oe=off<br>
    protostack=netkey<br>
<br>
include /etc/ipsec.d/l2tp-psk.conf<br>
<br>
<br>
<br>
-----------/etc/ipsec.d/l2tp-psk.conf-------------<br>
<br>
# clients behind NAT: accept private client addresses listed in virtual_private<br>
conn L2TP-PSK-NAT<br>
    rightsubnet=vhost:%priv<br>
    also=L2TP-PSK-noNAT<br>
<br>
# transport-mode IPsec for L2TP (UDP port 1701), authenticated with a pre-shared key<br>
conn L2TP-PSK-noNAT<br>
    authby=secret<br>
    pfs=no<br>
    auto=add<br>
    keyingtries=3<br>
    rekey=no<br>
    ikelifetime=8h<br>
    keylife=1h<br>
    type=transport<br>
    left=SERVER_REAL_IP<br>
    leftnexthop=%defaultroute<br>
    leftprotoport=17/1701<br>
    right=%any<br>
    rightprotoport=17/%any<br>
<br>
<br>
------------/etc/xl2tpd/xl2tpd.conf---------------<br>
[global]<br>
listen-addr = SERVER_REAL_IP<br>
port = 1701<br>
auth file = /etc/ppp/chap-secrets<br>
ipsec saref = no<br>
;forceuserspace = yes<br>
; debug tunnel = yes<br>
<br>
[lns default]<br>
ip range = SERVER_LOCAL_IP-POOL<br>
local ip = SERVER_LOCAL_IP<br>
require chap = yes<br>
refuse pap = yes<br>
require authentication = yes<br>
name = vpn<br>
ppp debug = yes<br>
pppoptfile = /etc/ppp/options.xl2tpd<br>
length bit = yes<br>
<br>
<br>
----------/etc/ppp/options.xl2tpd----------------<br>
<br>
ipcp-accept-local<br>
ipcp-accept-remote<br>
ms-dns A_DNS_RESOLVER_ADDRESS<br>
noccp<br>
auth<br>
crtscts<br>
idle 1800<br>
mtu 1410<br>
mru 1410<br>
nodefaultroute<br>
debug<br>
lock<br>
proxyarp<br>
connect-delay 5000<br>
name vpn<br>
usehostname<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a> [mailto:<a href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a>] On Behalf Of Özgür Uncuoğlu (WEBSAHİBİ)<br>
Sent: Monday, May 30, 2011 1:45 PM<br>
To: Paul Wouters<br>
Cc: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Subject: Re: [Openswan Users] openswan installation<br>
<br>
full error logs may help us to find the error;<br>
<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received Vendor ID payload [RFC 3947] method set to=109<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [FRAGMENTATION]<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [Vid-Initial-Contact]<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [IKE CGA version 1]<br>
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: initial Main Mode message received on server_real_ip:500 but no connection has been authorized with policy=PSK<br>
<br>
-----Original Message-----<br>
From: Paul Wouters [mailto:<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>]<br>
Sent: Saturday, May 28, 2011 7:32 PM<br>
To: Özgür Uncuoğlu (WEBSAHİBİ)<br>
Cc: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Subject: Re: [Openswan Users] openswan installation<br>
<br>
<br>
Did you use empty lines in your config inside a conn definition? That will break things<br>
<br>
Paul<br>
<br>
On Sat, 28 May 2011, Özgür Uncuoğlu (WEBSAHİBİ) wrote:<br>
<br>
> Date: Sat, 28 May 2011 13:21:01 +0300<br>
> From: "Özgür Uncuoğlu (WEBSAHİBİ)" <<a href="mailto:ozgur@websahibi.com">ozgur@websahibi.com</a>><br>
> To: "<a href="mailto:users@openswan.org">users@openswan.org</a>" <<a href="mailto:users@openswan.org">users@openswan.org</a>><br>
> Subject: [Openswan Users] openswan installation<br>
><br>
><br>
> Hi there,<br>
><br>
><br>
> Newly installed openswan (2.6.23+dfsg-1ubuntu1) on ubuntu 10.04 x64 with two interfaces.<br>
><br>
><br>
> When I try to connect from my pc (Windows 7) it logs error below<br>
><br>
><br>
> pluto[8707]: packet from client_ip:500: initial Main Mode message received on server_real_ip:500 but no<br>
> connection has been authorized with policy=PSK<br>
><br>
><br>
> ipsec.secrets<br>
><br>
><br>
> server_real_ip %any: PSK "sharedkey"<br>
><br>
> 192.168.1.1 %any: PSK "sharedkey"<br>
><br>
><br>
> a part of ipsec.conf<br>
><br>
><br>
> conn L2TP-PSK<br>
><br>
>        authby=secret<br>
><br>
>        pfs=no<br>
><br>
>        auto=start<br>
><br>
> #      auto=add<br>
><br>
>        keyingtries=3<br>
><br>
>        rekey=no<br>
><br>
>        ikelifetime=8h<br>
><br>
>        keylife=1h<br>
><br>
>        type=transport<br>
><br>
>        left=server's real ip<br>
><br>
>        leftnexthop=real ip gateway (router)<br>
><br>
>        leftprotoport=17/1701<br>
><br>
> #      leftprotoport=17/%any<br>
><br>
><br>
> #      right=%any<br>
><br>
> #      rightsubnet=vhost:%no,%priv<br>
><br>
><br>
>        right=192.168.1.1<br>
><br>
>        rightsubnet=192.168.1.0/24<br>
><br>
>        rightprotoport=17/0<br>
><br>
><br>
> googled lots of page..lost in configurations<br>
><br>
> lot of combinations tried but :(<br>
><br>
><br>
> thnx in advance<br>
><br>
><br>
> Özgür UNCUOĞLU<br>
><br>
> Websahibi Internet Hizmetleri<br>
><br>
> Datacenter Coordinator<br>
><br>
><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Fri, 3 Jun 2011 13:38:54 +0300<br>
From: Özgür Uncuoğlu (WEBSAHİBİ) <<a href="mailto:ozgur@websahibi.com">ozgur@websahibi.com</a>><br>
Subject: Re: [Openswan Users] openswan installation<br>
To: Özgür Uncuoğlu (WEBSAHİBİ) <<a href="mailto:ozgur@websahibi.com">ozgur@websahibi.com</a>>, Paul Wouters<br>
<<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>><br>
Cc: "<a href="mailto:users@openswan.org">users@openswan.org</a>" <<a href="mailto:users@openswan.org">users@openswan.org</a>><br>
Message-ID:<br>
<<a href="mailto:49D3A14667636144913116095AD8A6966F6FD727E6@WEBSAHIBISRV.websahibi.com">49D3A14667636144913116095AD8A6966F6FD727E6@WEBSAHIBISRV.websahibi.com</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi,<br>
<br>
Now, client successfully connected to vpn but client's gateway is configured to 0.0.0.0<br>
<br>
One last question. If I use this vpn server as a gateway/transparent proxy, how to change l2tp config?<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
<br>
<br>
End of Users Digest, Vol 91, Issue 3<br>
************************************<br>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks and Regards.<br><br>Heta Shah<br>91-9662505876<br><br><br><br>
</div>
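Paul Wouters' question in the quoted thread, whether empty lines were used inside a conn definition, can be checked mechanically before pluto is restarted. The following is an added example, not code from the thread or from the Openswan project: a small Python linter that flags empty lines inside a `config`/`conn` section and parameter lines that lost their leading whitespace (ipsec.conf(5) requires parameter lines to start with whitespace). The function name, finding codes and sample configurations, including the documentation address 192.0.2.10, are constructed for illustration.

```python
import re

# Section headers start in column 0: "config setup" or "conn <name>".
SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)")
# Top-level directives that do not belong to any section.
TOPLEVEL_RE = re.compile(r"^(version|include)\s")

MESSAGES = {
    "blank-in-section": "empty line inside the section, parameters after it may be lost",
    "unindented": "parameter line has no leading whitespace",
    "orphan": "parameter line outside any config/conn section",
}


def lint_ipsec_conf(text):
    """Return (line_number, code, section) findings, ordered by line number."""
    findings = []
    section = None    # header of the section currently open, e.g. "conn L2TP-PSK"
    blank_at = None   # first empty line seen since the section's last parameter
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip():
            if section is not None and blank_at is None:
                blank_at = lineno
            continue
        if line.lstrip().startswith("#"):
            continue  # comment line
        header = SECTION_RE.match(line)
        if header:
            section = f"{header.group(1)} {header.group(2)}"
            blank_at = None
            continue
        if TOPLEVEL_RE.match(line):
            section, blank_at = None, None
            continue
        if section is None:
            findings.append((lineno, "orphan", None))
            continue
        if line[0] not in " \t":
            findings.append((lineno, "unindented", section))
        if blank_at is not None:
            # A parameter follows an empty line: the empty line split the section.
            findings.append((blank_at, "blank-in-section", section))
            blank_at = None
    return sorted(findings, key=lambda f: f[0])


# Constructed sample: a conn with an empty line before the right= parameters.
BROKEN_CONN = """\
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    type=transport
    left=192.0.2.10
    leftprotoport=17/1701

    right=%any
    rightprotoport=17/%any
"""

# Constructed sample: the same conn with the empty line removed.
FIXED_CONN = BROKEN_CONN.replace("\n\n", "\n")

# Constructed sample: a section whose indentation was stripped by a mail client.
FLATTENED_SETUP = """\
config setup
nat_traversal=yes
oe=off
protostack=netkey

include /etc/ipsec.d/l2tp-psk.conf
"""

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN_CONN), ("fixed", FIXED_CONN),
                         ("flattened", FLATTENED_SETUP)):
        for lineno, code, section in lint_ipsec_conf(sample):
            print(f"{name}:{lineno}: [{section}] {MESSAGES[code]}")
```

An empty line that only separates one section from the next header or from an `include` line is not reported.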