<div dir="ltr"><div>Dear All,</div><div>I am using an EC2 Ubuntu 12.04 LTS instance in AWS. Openswan doesn't open any port to listen on.</div><div>Please help me to run my server, I can't find out what's wrong.</div>
<div>I used this manual: <a href="https://help.ubuntu.com/community/L2TPServer">https://help.ubuntu.com/community/L2TPServer</a></div>
<pre>$ cat /etc/ipsec.conf

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
    # contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.
    oe=off
    protostack=netkey
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    # Apple iOS doesn't send delete notify so we need dead peer detection
    # to detect vanishing clients
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    # Set ikelifetime and keylife to same defaults windows has
    ikelifetime=8h
    keylife=1h
    type=transport
    # Replace IP address with your local IP (private, behind NAT IP is okay as well)
    left=127.0.0.1
    # For updated Windows 2000/XP clients,
    # to support old clients as well, use leftprotoport=17/%any
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # force all to be nat'ed. because of iOS
    forceencaps=yes
</pre>
<pre>$ sudo cat /etc/ipsec.secrets

# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created RSA keys
#include /var/lib/openswan/ipsec.secrets.inc

127.0.0.1 %any: PSK "PASSWORD"
</pre>
<pre>$ sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.2.0-54-virtual (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY: Testing XFRM related proc values                       [OK]
                                                                [OK]
                                                                [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
</pre>
<pre>$ cat /etc/xl2tpd/xl2tpd.conf
[global]                                ; Global parameters:
ipsec saref = no

[lns default]                           ; Our fallthrough LNS definition
ip range = 10.152.2.2-10.152.2.254
local ip = 10.152.2.1
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
unix authentication = yes
</pre>
<pre>$ cat /etc/ppp/options.xl2tpd

refuse-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
idle 1800
mtu 1200
mru 1200
lock
hide-password
local
#debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
login
</pre>
<pre>$ sudo cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user1           l2tpd   PASSWORD                *
user2           l2tpd   PASSWORD                *
</pre>
<pre>$ nmap localhost

Starting Nmap 5.21 ( <a href="http://nmap.org">http://nmap.org</a> ) at 2013-11-22 21:01 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00080s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql
9000/tcp open  cslistener

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
</pre>
<div>Here is the log:</div>
<pre>Nov 22 21:03:07 ip-10-185-160-186 ipsec_setup: Stopping Openswan IPsec...
Nov 22 21:03:09 ip-10-185-160-186 kernel: [1536360.687719] NET: Unregistered protocol family 15
Nov 22 21:03:09 ip-10-185-160-186 ipsec_setup: ...Openswan IPsec stopped
Nov 22 21:03:09 ip-10-185-160-186 kernel: [1536360.737201] NET: Registered protocol family 15
Nov 22 21:03:09 ip-10-185-160-186 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.2.0-54-virtual...
Nov 22 21:03:09 ip-10-185-160-186 ipsec_setup: Using NETKEY(XFRM) stack
Nov 22 21:03:09 ip-10-185-160-186 kernel: [1536360.836489] Initializing XFRM netlink socket
Nov 22 21:03:09 ip-10-185-160-186 ipsec_setup: ...Openswan IPsec started
Nov 22 21:03:09 ip-10-185-160-186 xl2tpd[3002]: death_handler: Fatal signal 15 received
Nov 22 21:03:09 ip-10-185-160-186 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Nov 22 21:03:09 ip-10-185-160-186 pluto: adjusting ipsec.d to /etc/ipsec.d
Nov 22 21:03:09 ip-10-185-160-186 ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT"
Nov 22 21:03:09 ip-10-185-160-186 ipsec__plutorun: 002 added connection description "L2TP-PSK-noNAT"
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3500]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3500]: setsockopt recvref[30]: Protocol not available
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3500]: This binary does not support kernel L2TP.
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: xl2tpd version xl2tpd-1.3.1 started on ip-10-185-160-186 PID:3501
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: Inherited by Jeff McAdams, (C) 2002
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: Forked again by Xelerance (<a href="http://www.xelerance.com">www.xelerance.com</a>) (C) 2006
Nov 22 21:03:10 ip-10-185-160-186 xl2tpd[3501]: Listening on IP address 0.0.0.0, port 1701
</pre>
<div>Please give me a hint,</div><div><br></div><div>Thanks</div><div>Regards</div><div>Mohsen</div><div><br>
</div></div>
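<div>The following script is an added example for readers of this thread; it is not part of Mohsen's message and not Openswan or xl2tpd code. It covers the two things a practitioner checks first on a host like the one above: nmap's default scan is TCP-only, so <code>nmap localhost</code> cannot show UDP 500 (IKE), 4500 (NAT-T) or 1701 (L2TP), and the <code>left=</code> address in ipsec.conf must be an address remote clients can reach, which a loopback address never is. The functions read <code>ss -lun</code> output and ipsec.conf text so they can be exercised offline; the sample ss output, the ipsec.conf fragment and the address list are constructed for the demo, and 10.185.160.186 is an assumed private address, not one taken from the post.</div>

```shell
#!/bin/sh
# Added example (not part of the original message): two checks for an
# Openswan + xl2tpd host.
#  1. nmap without -sU scans TCP only; read the UDP listeners from `ss -lun`
#     instead (or run: nmap -sU -p 500,4500,1701 localhost).
#  2. ipsec.conf's left= must be a non-loopback address of this host;
#     127.0.0.1 is reachable only from the host itself.
# Sample data below is constructed; 10.185.160.186 is an assumed address.

REQUIRED_UDP_PORTS="500 4500 1701"   # IKE, NAT-T (UDP-encapsulated ESP), L2TP

# udp_ports_from_ss: read `ss -lun` output on stdin, print each local UDP port.
# Column 4 is Local Address:Port; the port is the text after the last ':' so
# "0.0.0.0:500", "*:500" and "[::]:500" all yield 500. Line 1 is the header.
udp_ports_from_ss() {
    awk 'NR > 1 { n = split($4, a, ":"); print a[n] }'
}

# missing_udp_ports SS_OUTPUT: print each required port that is not bound.
missing_udp_ports() {
    bound=$(printf '%s\n' "$1" | udp_ports_from_ss)
    for p in $REQUIRED_UDP_PORTS; do
        printf '%s\n' "$bound" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# ipsec_left_value: read ipsec.conf text on stdin, print the first left= value.
# "leftprotoport=" does not match because '=' must directly follow "left".
ipsec_left_value() {
    awk -F= '/^[ \t]*left[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# left_is_reachable CONF_TEXT "ADDR ADDR ...": succeed only when left= is one
# of the given host addresses and is not the loopback address.
left_is_reachable() {
    left=$(printf '%s\n' "$1" | ipsec_left_value)
    [ -n "$left" ] || return 1
    [ "$left" = "127.0.0.1" ] && return 1
    for a in $2; do
        [ "$a" = "$left" ] && return 0
    done
    return 1
}

# run_live_checks: the same two checks against the running host (needs ss/ip).
run_live_checks() {
    addrs=$(ip -4 -o addr show | awk '{ split($4, a, "/"); printf "%s ", a[1] }')
    missing=$(missing_udp_ports "$(ss -lun)")
    if [ -z "$missing" ]; then
        echo "UDP 500/4500/1701 all bound"
    else
        echo "not bound on UDP: $(printf '%s' "$missing" | tr '\n' ' ')"
    fi
    if left_is_reachable "$(cat /etc/ipsec.conf)" "$addrs"; then
        echo "left= is a local non-loopback address"
    else
        echo "left= is missing, loopback, or not one of: $addrs"
    fi
}

# Constructed sample: pluto bound on 500/4500, xl2tpd not yet bound on 1701.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:500       0.0.0.0:*
UNCONN 0      0      0.0.0.0:4500      0.0.0.0:*
UNCONN 0      0      127.0.0.1:53      0.0.0.0:*'

# Constructed ipsec.conf fragment with a loopback left= address.
SAMPLE_CONF='conn L2TP-PSK-noNAT
    type=transport
    left=127.0.0.1
    leftprotoport=17/1701
    right=%any'

SAMPLE_LOCAL_ADDRS="10.185.160.186 127.0.0.1"   # assumed eth0 and lo addresses

echo "missing UDP ports in sample: $(missing_udp_ports "$SAMPLE_SS" | tr '\n' ' ')"
if left_is_reachable "$SAMPLE_CONF" "$SAMPLE_LOCAL_ADDRS"; then
    echo "sample left= is reachable by clients"
else
    echo "sample left=$(printf '%s\n' "$SAMPLE_CONF" | ipsec_left_value) is not reachable by remote clients"
fi

# Run against the live host with: RUN_LIVE=1 sh check_l2tp_ipsec.sh
if [ "${RUN_LIVE:-0}" = 1 ]; then
    run_live_checks
fi
```

<div>On the host itself the equivalent one-liners are <code>ss -lun</code> (or <code>netstat -lun</code>) and <code>nmap -sU -p 500,4500,1701 localhost</code>; a UDP scan from a second machine is what actually shows whether IKE reaches pluto through the EC2 security group.</div>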