[Openswan Users] L2TP + Openswan
Giovani Moda - MR Informática
giovani at mrinformatica.com.br
Mon Dec 13 21:47:05 CET 2004
I need some help over here.
I'm following Jacco's instructions to do L2TP/IPSEC with Openswan, but I
can't make it work... I know it's my mistake, but I can't figure it out.
I have Openswan up and running on a Fedora Core 2 box, Jacco's rp-l2tp
and pppd 2.4.3. The XP box (SP2) can tunnel up just fine. But that's
about it.
The problem is with L2TP, chaps, PPP and everything else. Nothing
happens after the tunnel is established.
Here is the output:
Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: responding to Main Mode from unknown peer A.B.C.G
Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition from state (null) to state STATE_MAIN_R1
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: Peer ID is ID_DER_ASN1_DN: 'C=BR, ...'
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: I am sending my cert
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: sent MR3, ISAKMP SA established
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: responding to Quick Mode
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition from state (null) to state STATE_QUICK_R1
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: IPsec SA established {ESP=>0x2139362b <0x86c0318b}
The IPsec tunnel is working. Now it's the part where the L2TP should
send the request and everything else. But nothing happens. There is no
authentication, and the connection times out.
Here are my settings:
------------------------------------l2tp.conf------------------------------------
# comment
# Global section (by default, we start in global mode)
global
# Load handlers
load-handler "sync-pppd.so"
load-handler "cmd.so"
# Bind address
listen-port 1701
listen-addr A.B.C.D
# Configure the sync-pppd handler. You MUST have a "section sync-pppd" line
# even if you don't set any options.
section sync-pppd
# Specify IP address of PPP adapter and DNS/WINS addresses here.
lns-pppd-opts "debug nopcomp noaccomp require-chap refuse-pap A.B.C.G:A.B.C.H lcp-echo-interval 30 lcp-echo-failure 6 ms-dns A.B.C.D ms-wins A.B.C.F noccp auth crtscts idle 1800 mtu 1410 mru 1410 nodefaultroute lock proxyarp connect-delay 5000"
lac-pppd-opts "name VPNServer noipdefault ipcp-accept-local ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6"
# Peer section
section peer
# Static IP address of client
peer A.B.C.E
# No secret - no authentication
port 1701
#lac-handler sync-pppd
lac-handler sync-pppd
lns-handler sync-pppd
hide-avps no
# Configure the cmd handler. You MUST have a "section cmd" line
# even if you don't set any options.
section cmd
------------------------------------l2tp.conf------------------------------------
The pppd server is working, since I had a pptpd server running
before. I'm missing something in between.
Any help would be appreciated.
Thanks in advance,
Giovani