<div dir="ltr">Hello Sir,<div><br></div><div>Thanks for the reply. I have done this setting, but it is still doing one-way communication. I can connect to the server from the client, but from server I am able to connect client I am not able to ping the client from the server side. <br>
<br><div class="gmail_quote">On Sat, Sep 10, 2011 at 1:57 AM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Fri, 9 Sep 2011, heta shah wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I have configured IPsec and L2TP on an Ubuntu system. I want to configure a road warrior setup. In this, my VPN is working fine.<br>
The Windows system is connected to the Ubuntu VPN server and I can connect to the VPN server from the Windows VPN client, but I cannot connect,<br>
I mean cannot ping, to the Windows VPN client from the Ubuntu VPN server. This is the configuration of my Ubuntu VPN server.<br>
</blockquote>
<br></div>
You might need to tweak the registry on Windows as your Linux VPN server is behind NAT (if I read<br>
your config below correctly)<div><div></div><div class="h5"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
conn L2TP-PSK-noNAT<br>
#<br>
# Configuration for one user with any type of IPsec/L2TP client<br>
# including the updated Windows 2000/XP (MS KB Q818043), but<br>
# excluding the non-updated Windows 2000/XP.<br>
#<br>
#<br>
# Use a Preshared Key. Disable Perfect Forward Secrecy.<br>
#<br>
# PreSharedSecret needs to be specified in /etc/ipsec.secrets as<br>
# YourIPAddress %any: "sharedsecret"<br>
authby=secret<br>
pfs=no<br>
auto=add<br>
keyingtries=3<br>
# we cannot rekey for %any, let client rekey<br>
rekey=no<br>
# Apple iOS doesn't send delete notify so we need dead peer detection<br>
# to detect vanishing clients<br>
dpddelay=10<br>
dpdtimeout=90<br>
dpdaction=clear<br>
# Set ikelifetime and keylife to same defaults windows has<br>
ikelifetime=8h<br>
keylife=1h<br>
# l2tp-over-ipsec is transport mode<br>
type=transport<br>
#<br>
left=192.168.1.121<br>
leftnexthop=192.168.1.254<br>
#<br>
# For updated Windows 2000/XP clients,<br>
# to support old clients as well, use leftprotoport=17/%any<br>
leftprotoport=17/%any<br>
</blockquote>
<br></div></div>
That should normally be 17/1701, unless your NAT gateway is doing something weird<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
#<br>
# The remote user.<br>
#<br>
right=%any<br>
# Using the magic port of "%any" means "any one single port". This is<br>
# a work around required for Apple OSX clients that use a randomly<br>
# high port.<br>
rightprotoport=17/%any<br>
</blockquote>
<br></div>
You are missing rightsubnet=vhost:%priv,%no. Your "config setup" also needs to have:<br>
<br>
nat_traversal=yes<br>
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24,%v4:!192.168.5.0/24<div class="im">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
# Secrets for authentication using CHAP<br>
# client server secret IP addresses<br>
username * "password" *<br>
* username "password" *<br>
</blockquote>
<br></div>
Don't you want that last column to be something like 192.168.5.0/24?<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><div><br></div>-- <br>Thanks and Regards.<br><br>Heta Shah<br>91-9662505876<br><br><br><br>
</div></div>
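The three ipsec.conf points raised in the quoted reply (leftprotoport, rightsubnet, and the NAT options in "config setup") can be checked mechanically. The following is an added example, not code from either poster or from the Openswan project; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the conn from the thread, trimmed to the options the
# reply comments on, with a "config setup" that lacks the NAT options.
SAMPLE = """\
config setup

conn L2TP-PSK-noNAT
    authby=secret
    type=transport
    left=192.168.1.121
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
"""
VPRIV = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,"
         "%v4:!192.168.1.0/24,%v4:!192.168.5.0/24")
# The same config with the reply's suggestions applied.
FIXED = (SAMPLE
         .replace("config setup\n",
                  f"config setup\n    nat_traversal=yes\n    virtual_private={VPRIV}\n")
         .replace("leftprotoport=17/%any",
                  "leftprotoport=17/1701\n    rightsubnet=vhost:%priv,%no"))

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} of key=value options."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        header = re.match(r"(config|conn)\s+(\S+)$", line)
        if header:
            current = sections.setdefault(f"{header.group(1)} {header.group(2)}", {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def review(text, conn):
    """List which of the reply's three ipsec.conf points are still open."""
    sections = parse_ipsec_conf(text)
    setup, c = sections.get("config setup", {}), sections.get(f"conn {conn}", {})
    findings = []
    if c.get("leftprotoport") != "17/1701":
        findings.append(f"leftprotoport is {c.get('leftprotoport')!r}, normally 17/1701")
    if "rightsubnet" not in c:
        findings.append("rightsubnet missing (reply suggests vhost:%priv,%no)")
    for key in ("nat_traversal", "virtual_private"):
        if key not in setup:
            findings.append(f"config setup: {key} not set")
    return findings
```
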