<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Hi,<br> <font face="Arial" size="2">Paul Wouters asked me to verify my config against the sample config at the openswan wiki. There were a couple of small differences. I think I had missed <br></font><span>listen-addr =<br>in the xl2tpd.conf file. I added that.<br><br></span><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><span>Also
I changed my ipsec.conf to more like what is mentioned in the wiki link
below. Now IPSec SA itself is not coming up. The logs on my server say</span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br><span></span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><span>"L2TP-PSK"[1] 106.198.122.153 #1: the peer proposed: 12.23.11.78/32:17/1701 -> 106.198.122.153/32:17/0<br>"L2TP-PSK"[1] 106.198.122.153 #1: peer proposal was reject in a virtual connection policy
because:<br>"L2TP-PSK"[1] 106.198.122.153 #1: a private network
virtual IP was required, but the proposed IP did not match our list
(virtual_private=)<br>"L2TP-PSK"[1] 106.198.122.153 #1: peer proposal was reject in a virtual connection policy because:<br>"L2TP-PSK"[1]
106.198.122.153 #1: a private network virtual IP was required, but
the proposed IP did not match our list (virtual_private=)<br>"L2TP-PSK"[1]
106.198.122.153 #1: cannot respond to IPsec SA request because no
connection is known for
12.23.11.78<12.23.11.78>[+S=C]:17/1701...106.198.122.153[+S=C]:17/%any<br>"L2TP-PSK"[1] 106.198.122.153 #1: sending encrypted notification INVALID_ID_INFORMATION to 106.198.122.153:500<br><br></span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><span>my ipsec.conf is</span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br><span></span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><span>config setup</span></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><span>
dumpdir=/var/run/pluto/<br> #nat_traversal=yes </span></div><div> virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12<br> oe=off <br> protostack=netkey<br> interfaces="%defaultroute"<br></div><div><br></div><div style="
color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">conn L2TP-PSK</div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br> authby=secret<br> pfs=no<br> auto=add<br> rekey=no<br> ikelifetime=8h<br> keyingtries=3<br> keylife=1h<br> type=transport<br> #left=192.168.1.108<br> left=12.23.11.78<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/%any<br> rightsubnet=vhost:%priv<br></div><div><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times,
serif;background-color:transparent;font-style:normal;">This device is not behind any other GW, so I disabled NAT Traversal. I guess that is fine.</div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">Earlier
I had my ipsec.conf as per the one mentioned here
http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu and SA used to
come up.<br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">Also the xl2tpd.conf now looks
like</div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">[global] ; Global parameters:<br>ipsec saref = yes<br>listen-addr = 12.23.11.78<br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">[lns default]<br>ip range = 192.168.1.5-192.168.1.50<br>local ip = 192.168.1.108<br>assign ip = yes<br>require chap = yes<br>;refuse chap = yes<br>refuse pap = yes<br>require authentication =
yes<br>name = OpenswanVPN<br>ppp debug = yes<br>pppoptfile = /etc/ppp/options.xl2tpd<br>length bit = yes<br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">it
would be really helpful if you could validate this config once. I am
trying this for the first time and do not really know the ipsec/l2tp world
much.</div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;"><br></div><div style="color:rgb(0, 0, 0);font-size:16px;font-family:times new roman, new york, times, serif;background-color:transparent;font-style:normal;">--</div>Bhushana<br><div><span><br></span></div><div><span></span></div><div><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Kit Peters <cpeters@ucmo.edu><br> <b><span style="font-weight: bold;">To:</span></b> Nagabhushana R <rnbhushana@yahoo.co.in> <br><b><span style="font-weight:
bold;">Cc:</span></b> "users@lists.openswan.org" <users@lists.openswan.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, 17 October 2012 8:00 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Openswan Users] Openswan on ubuntu 12.04 - L2TP connections doesn't go through and system hangs<br> </font> </div> <br><div id="yiv1367790651">Bhushana -<div><br></div><div>Please post your xl2tpd.conf (or the config file for whatever L2TP implementation you use) and your ipsec.conf. </div><div><br></div><div>KP<br><br><div class="yiv1367790651gmail_quote">On Mon, Oct 15, 2012 at 8:23 AM, Nagabhushana R <span dir="ltr"><<a rel="nofollow" ymailto="mailto:rnbhushana@yahoo.co.in" target="_blank" href="mailto:rnbhushana@yahoo.co.in">rnbhushana@yahoo.co.in</a>></span> wrote:<br>
<blockquote class="yiv1367790651gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="font-size:12pt;font-family:times new roman, new york, times, serif;">Hi,<br><br>server: Openswan 2.6.37-1 on ubuntu 12.04<br>
Client - Mac OS X 10.7.4<br><br>I have set up the server mostly based on the configurations mentioned at <a rel="nofollow" target="_blank" href="http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu">http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu</a><br>
and I also cross verified them against the examples given at <a rel="nofollow" target="_blank" href="https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd">https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd</a><br>
<br>The IPSec connection goes through fine, but the l2tpd connection doesn't.<br>Logs on my Mac Client<br><br>Oct 15 16:55:41 1921681104 pppd[4626]: IPSec connection started<br>Oct 15 16:55:41 1921681104 racoon[4627]: Connecting.<br>
Oct 15 16:55:41 1921681104 racoon[4627]: IPSec Phase1 started (Initiated by me).<br>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).<br>Oct 15 16:55:41 1921681104
racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 2).<br>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).<br>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 4).<br>
Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 6).<br>
Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase1 established (Initiated by me).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase2 started (Initiated by me).<br>
Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: transmit success.
(Initiator, Quick-Mode message 1).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).<br>
Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).<br>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase2 established (Initiated by me).<br>Oct 15 16:55:42 1921681104 pppd[4626]: IPSec connection established<br>
Oct 15 16:56:02 1921681104 pppd[4626]: L2TP cannot connect to the server<br><br>I verified that xl2tpd is running and bound to the correct ports.<br><br>Any pointers to what I am missing here would be of great help.<br><br>Thanks<br>
<br>--<br>Bhushana<br><div><br></div></div></div><br>_______________________________________________<br>
<a rel="nofollow" ymailto="mailto:Users@lists.openswan.org" target="_blank" href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a rel="nofollow" target="_blank" href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><span>-</span></div><span>Kit</span> <span>Peters</span> (W0KEH), Engineer II<br>
KMOS TV Channel 6 / KTBG 90.9 FM<br>
University of Central Missouri<br>
<a rel="nofollow" target="_blank" href="http://kmos.org/">http://kmos.org/</a> | <a rel="nofollow" target="_blank" href="http://ktbg.fm/">http://ktbg.fm/</a><br>
</div>
</div><br><br> </div> </div> </blockquote></div> </div></body></html>
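An added example, not part of the thread or of Openswan itself: a small Python model of the vhost: policy decision that pluto logged above ("a private network virtual IP was required, but the proposed IP did not match our list"), fed with the virtual_private= list and the proposed client address quoted in the mail. The %priv/%no semantics and the %v4:/! token syntax are modelled as this example understands ipsec.conf, and the constructed inputs in the test are labelled as such.

```python
import ipaddress
import re

# Values quoted in the mail: the server's virtual_private= list and the
# client the Mac proposed in Quick Mode (its own public address, as a /32).
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12"
PEER_ADDR = "106.198.122.153"
PROPOSED_CLIENT = "106.198.122.153/32"

def parse_virtual_private(value):
    """Split virtual_private= into (allowed, excluded) networks.
    Tokens are %v4:NET or %v6:NET; a leading '!' marks an exclusion."""
    allowed, excluded = [], []
    for token in (t.strip() for t in value.split(",") if t.strip()):
        m = re.fullmatch(r"%v[46]:(!?)(\S+)", token)
        if not m:
            raise ValueError(f"bad virtual_private token: {token!r}")
        net = ipaddress.ip_network(m.group(2), strict=False)
        (excluded if m.group(1) else allowed).append(net)
    return allowed, excluded

def accept_vhost_proposal(proposed, peer, rightsubnet, virtual_private):
    """Decide whether rightsubnet=vhost:... accepts the proposed client.
    Returns (accepted, reason). %priv needs a single address inside the
    virtual_private list; %no accepts the peer's own address (no virtual IP)."""
    if not rightsubnet.startswith("vhost:"):
        raise ValueError("this check only models rightsubnet=vhost:...")
    policies = rightsubnet[len("vhost:"):].split(",")
    client = ipaddress.ip_network(proposed, strict=False)
    if client.num_addresses != 1:
        return False, "vhost: requires a single host, peer proposed a subnet"
    ip = client.network_address
    allowed, excluded = parse_virtual_private(virtual_private)
    for policy in policies:
        if policy == "%no" and ip == ipaddress.ip_address(peer):
            return True, "%no: peer proposed its own address"
        if policy == "%priv" and any(ip in n for n in allowed) \
                and not any(ip in n for n in excluded):
            return True, f"%priv: {ip} is inside virtual_private"
    return False, (f"a private network virtual IP was required, but {ip} "
                   f"did not match virtual_private={virtual_private}")

if __name__ == "__main__":
    # Compare the policy from the mail with one that also allows %no.
    for rs in ("vhost:%priv", "vhost:%priv,%no"):
        ok, why = accept_vhost_proposal(PROPOSED_CLIENT, PEER_ADDR, rs, VIRTUAL_PRIVATE)
        print(f"{rs:<18} -> {'accept' if ok else 'reject'}: {why}")
```

Run as a script it shows that a public client address is rejected under vhost:%priv alone and accepted once %no is listed as well, which is the distinction behind the INVALID_ID_INFORMATION notification in the log.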