<div dir="ltr">Hello Sir,<br><br>I have done mdification as u guide.<br><br>leftprotoport=17/1701<br><br>virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:%21192.168.1.0/24,%v4:%21192.168.5.0/24" target="_blank">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.5.0/24</a><br>
Because My VPN client is in <a href="http://192.168.1.0/24">192.168.1.0/24</a> subnet so I allow <a href="http://192.168.1.0/24">192.168.1.0/24</a> and disallow <a href="http://192.168.5.0/24">192.168.5.0/24</a><br>
<br>And chap-secrets file I have tested both testing with wild card "*" and <a href="http://192.168.5.0/24">192.168.5.0/24</a> . But still It is acting as a one way communication . My VPN client is Windows XP with <a href="http://192.168.1.0/24">192.168.1.0/24</a> subnet ip.<br>
<br>Please help me.<br> <br><br><div class="gmail_quote">On Sat, Sep 10, 2011 at 10:06 AM, heta shah <span dir="ltr"><<a href="mailto:heta45@gmail.com">heta45@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="ltr">Hello Sir,<div><br></div><div>Thanks for reply. I have done this setting . But It still doing one way communication. I can connect to server from client but from server I am able to connect client I cannot able to ping client from server side. <div>
<div></div><div class="h5"><br>
<br><div class="gmail_quote">On Sat, Sep 10, 2011 at 1:57 AM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>On Fri, 9 Sep 2011, heta shah wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I have configured IPSEC and L2TP in ubuntu system . I want to configure road worries setup . In this my VPN is working fine .<br>
Windows system is connected with ubuntu VPN server and I can connect with vpn server from windows VPN client but I cannot connect<br>
mean cannot ping to windows VPN client from ubuntu VPN server. This is my configuration of ubuntu VPN server.<br>
</blockquote>
<br></div>
You might need to tweak the registry on Windows as your Liunx VPN server is behind NAT (If i read<br>
your config below correctly)<div><div></div><div><br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
conn L2TP-PSK-noNAT<br>
#<br>
# Configuration for one user with any type of IPsec/L2TP client<br>
# including the updated Windows 2000/XP (MS KB Q818043), but<br>
# excluding the non-updated Windows 2000/XP.<br>
#<br>
#<br>
# Use a Preshared Key. Disable Perfect Forward Secrecy.<br>
#<br>
# PreSharedSecret needs to be specified in /etc/ipsec.secrets as<br>
# YourIPAddress %any: "sharedsecret"<br>
authby=secret<br>
pfs=no<br>
auto=add<br>
keyingtries=3<br>
# we cannot rekey for %any, let client rekey<br>
rekey=no<br>
# Apple iOS doesn't send delete notify so we need dead peer detection<br>
# to detect vanishing clients<br>
dpddelay=10<br>
dpdtimeout=90<br>
dpdaction=clear<br>
# Set ikelifetime and keylife to same defaults windows has<br>
ikelifetime=8h<br>
keylife=1h<br>
# l2tp-over-ipsec is transport mode<br>
type=transport<br>
#<br>
left=192.168.1.121<br>
leftnexthop=192.168.1.254<br>
#<br>
# For updated Windows 2000/XP clients,<br>
# to support old clients as well, use leftprotoport=17/%any<br>
leftprotoport=17/%any<br>
</blockquote>
<br></div></div>
That should normally be 17/1701, unless your NAT gateway is doing something weird<div><br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
#<br>
# The remote user.<br>
#<br>
right=%any<br>
# Using the magic port of "%any" means "any one single port". This is<br>
# a work around required for Apple OSX clients that use a randomly<br>
# high port.<br>
rightprotoport=17/%any<br>
</blockquote>
<br></div>
You are missing rightsubnet=vhost:%priv,%no You "config setup" also needs to have:<br>
<br>
nat_traversal=yes<br>
virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:%21192.168.1.0/24,%v4:%21192.168.5.0/24" target="_blank">10.0.0.0/<u></u>8,%v4:192.168.0.0/16,%v4:172.<u></u>16.0.0/12,%v4:!192.168.1.0/24,<u></u>%v4:!192.168.5.0/24</a><div>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
# Secrets for authentication using CHAP<br>
# client server secret IP addresses<br>
username * "password" *<br>
* username "password" *<br>
</blockquote>
<br></div>
Don't you want that last column be be something like <a href="http://192.168.5.0/24" target="_blank">192.168.5.0/24</a> ?<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><div><br></div></div></div><div class="im">-- <br>Thanks and Regards.<br><br>Heta Shah<br></div><br><br><br><br>
</div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks and Regards.<br><br>Heta Shah<br><br><br>
</div>