<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><div style='font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;'><br>I use dialup connection with dynaimc ip in debian wheezy to connect to the internet, want to setup l2tp tunnel with the xl2tpd and openswan this is my ipsec.conf:<br><br><blockquote style="border: 1px solid rgb(204, 204, 204); padding: 7px; background-color: rgb(245, 245, 245);"><div><br> version 2.0<br>config setup <br> dumpdir=/var/run/pluto/<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12<br> oe=off<br> protostack=netkey<br> plutostderrlog=/var/log/pluto.log<br> interfaces="%defaultroute"<br><br>conn L2TP-PSK-NAT<br><br> rightsubnet=vhost:%priv<br> also=shamsme<br><br>conn mypc<br> <br> authby=secret<br> pfs=no<br> auto=add<br> keyingtries=3<br> rekey=no<br> ikelifetime=8h<br> keylife=1h<br> type=transport<br> left=%defaultroute<br> leftnexthop=%defaultroute<br> leftprotoport=17/1701<br> right=217.147.94.149<br> rightprotoport=17/1701</div></blockquote>after configuration all the config files i run these commands:<br><br><blockquote style="border: 1px solid rgb(204, 204, 204); padding: 7px; background-color: rgb(245, 245, 245);"><div>/etc/init.d/ipsec start<br>/etc/init.d/xl2tpd start <br>ipsec auto --up mypc <br>echo "c mypc" > /var/run/xl2tpd/l2tp-control</div></blockquote>but l2tp tunnel is not working and i didn't see any extra pppx for the l2tp connection in the ifconfig there is only the0, lo and ppp0, this is the output of <br><pre id="msg_pre">ipsec auto --status:<br><br><blockquote style="border: 1px solid rgb(204, 204, 204); padding: 7px; background-color: rgb(245, 245, 245);"><div>#ipsec auto --status <br>000 using kernel interface: netkey<br>000 interface lo/lo ::1<br>000 interface lo/lo 127.0.0.1<br>000 interface lo/lo 127.0.0.1<br>000 interface eth0/eth0 192.168.1.1<br>000 interface eth0/eth0 192.168.1.1<br>000 interface ppp0/ppp0 116.104.228.195<br>000 interface ppp0/ppp0 116.104.228.195<br>000 %myid = (none)<br>000 debug none<br>000 <br>000 virtual_private (%priv):<br>000 - allowed 3 subnets: 10.0.0.0/8, 192.168.1.0/24, 172.16.0.0/12<br>000 - disallowed 0 subnets: <br>000 WARNING: Disallowed subnets in virtual_private= is empty. If you have <br>000 private address space in internal use, it should be excluded!<br>000 <br>000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64<br>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192<br>000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128<br>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448<br>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0<br>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288<br>000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128<br>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160<br>000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<br>000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384<br>000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512<br>000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160<br>000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128<br>000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0<br>000 <br>000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131<br>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<br>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128<br>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<br>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<br>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024<br>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536<br>000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048<br>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072<br>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096<br>000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144<br>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192<br>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024<br>000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048<br>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048<br>000 <br>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} <br>000 <br>000 "L2TP-PSK-NAT": 116.104.228.195[+S=C]:17/1701---116.104.228.2...217.147.94.149<217.147.94.149>[+S=C]:17/1701===217.147.94.149/32; unrouted; eroute owner: #0<br>000 "L2TP-PSK-NAT": myip=unset; hisip=unset;<br>000 "L2TP-PSK-NAT": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3<br>000 "L2TP-PSK-NAT": policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: ppp0; <br>000 "L2TP-PSK-NAT": newest ISAKMP SA: #0; newest IPsec SA: #0; <br>000 "mypc": 116.104.228.195[+S=C]:17/1701---116.104.228.2...217.147.94.149<217.147.94.149>[+S=C]:17/1701; erouted; eroute owner: #2<br>000 "mypc": myip=unset; hisip=unset;<br>000 "mypc": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3<br>000 "mypc": policy: PSK+ENCRYPT+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: ppp0; <br>000 "mypc": newest ISAKMP SA: #1; newest IPsec SA: #2; <br>000 "mypc": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048<br>000 <br>000 #2: "mypc":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 2533s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate<br>000 #2: "mypc" esp.c8b8a3a3@217.147.94.149 esp.bf2a9648@116.104.228.195 ref=0 refhim=4294901761<br>000 #1: "mypc":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE_IF_USED in 28023s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate <br></div></blockquote>any help please?<br><br></pre> <pre id="msg_pre"><br></pre> <br></div></body></html>