[Openswan Users] L2TP + Openswan

Norbert Wegener nw at sbs.de
Tue Dec 14 08:57:29 CET 2004


Hello,
I can confirm that there is a problem with at least openswan-2.2.0.
I have nearly the same configuration (rp-l2tp and ppp-2.4.2), and this
one works without any problems
when using it with superfreeswan-1.99.8 and kernel 2.4.21. Using the
same configuration (kernel: 2.4.21, ipsec.conf converted by Suse's
script ipsec_1_to_2.pl
to make it version 2 compatible) with openswan-2.2.0 gives me the same
result: IPSEC SA established, nothing more to be seen in the message file.
Nevertheless, when you tcpdump the ipsec interface, you can see l2tp
traffic. Unfortunately, this does not lead to starting pppd.
Up to now I have no idea what the problem exactly is and how to track
it down.
Norbert



Giovani Moda - MR Informática wrote:

>I need some help over here.
>
>I'm following Jacco's instructions to do L2TP/IPSEC with Openswan, but I
>can't make it work... I know it's my mistake, but I can't figure it out.
>
>I have Openswan up and running on a Fedora Core 2 box, Jacco's rp-l2tp
>and pppd 2.4.3. The XP box (SP2) can tunnel up just fine. But that's
>about it. 
>
>The problem is with L2TP, chaps, PPP and everything else. Nothing
>happens after the tunnel is established.
>
>Here is the output
>
>Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: responding
>to Main Mode from unknown peer A.B.C.G
>Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>from state (null) to state STATE_MAIN_R1
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3:
>NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
>detected
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>from state STATE_MAIN_R1 to state STATE_MAIN_R2
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: Peer ID is
>ID_DER_ASN1_DN: 'C=BR, ...'
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: I am sending
>my cert
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>from state STATE_MAIN_R2 to state STATE_MAIN_R3
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: sent MR3,
>ISAKMP SA established
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: responding
>to Quick Mode
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition
>from state (null) to state STATE_QUICK_R1
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition
>from state STATE_QUICK_R1 to state STATE_QUICK_R2
>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: IPsec SA
>established {ESP=>0x2139362b <0x86c0318b}
>
>The Ipsec tunnel is working. Now it's the part where the L2TP should
>send the request and everything else. But nothing happens. There is no
>authentication, and the connection times out.
>
>Here are my settings:
>
>------------------------------------l2tp.conf------------------------------------
># comment
>
># Global section (by default, we start in global mode)
>global
>
># Load handlers
>load-handler "sync-pppd.so"
>load-handler "cmd.so"
>
># Bind address
>listen-port 1701
>listen-addr A.B.C.D
>
># Configure the sync-pppd handler.  You MUST have a "section sync-pppd" line
># even if you don't set any options.
>section sync-pppd
># Specify IP address of PPP adapter and DNS/WINS addresses here.
>lns-pppd-opts "debug nopcomp noaccomp require-chap refuse-pap A.B.C.G:A.B.C.H lcp-echo-interval 30 lcp-echo-failure 6 ms-dns A.B.C.D ms-wins A.B.C.F noccp auth crtscts idle 1800 mtu 1410 mru 1410 nodefaultroute lock proxyarp connect-delay 5000"
>lac-pppd-opts "name VPNServer noipdefault ipcp-accept-local ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6"
>
># Peer section
>section peer
># Static IP address of client
>peer A.B.C.E
># No secret - no authentication
>port 1701
>#lac-handler sync-pppd
>lac-handler sync-pppd
>lns-handler sync-pppd
>hide-avps no
>
># Configure the cmd handler.  You MUST have a "section cmd" line
># even if you don't set any options.
>section cmd
>------------------------------------l2tp.conf------------------------------------
>
>The pppd server is working, since I had a pptpd server running
>before. I'm missing something in between.
>
>Any help would be appreciated.
>
>Thanks in advance,
>
>Giovani
>
>  
>


-- 
With kind regards

Norbert Wegener
SBS Mülheim
Tel: 0208 4565379
Fax: 0208 4565377
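
The symptom reported in this thread (pluto logs "IPsec SA established" and pppd never starts) can be checked for in a syslog file. The following is an added example, not part of the original messages and not Openswan or rp-l2tp code; the pppd start-up line, the second peer A.B.C.K, the 30-second window and the function name are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the pluto lines quoted above. The pppd
# line, the peer A.B.C.K and its SPI values are assumptions added for contrast.
SAMPLE_LOG = """\
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: sent MR3, ISAKMP SA established
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: IPsec SA established {ESP=>0x2139362b <0x86c0318b}
Dec 13 21:42:10 main pluto[25220]: "inet-XP"[3] A.B.C.K #6: IPsec SA established {ESP=>0x11111111 <0x22222222}
Dec 13 21:42:12 main pppd[25301]: pppd 2.4.3 started by root, uid 0
"""

# timestamp, host, program[pid]: message
LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$')
# "conn"[instance] peer #state: IPsec SA established (Quick Mode done, not ISAKMP)
SA = re.compile(r'^"([^"]+)"\[\d+\] (\S+) #\d+: IPsec SA established')

def stalled_tunnels(log_text, window_s=30, year=2004):
    """Return (time, conn, peer) for every IPsec SA that is not followed by
    any pppd log line within window_s seconds.

    Syslog timestamps carry no year, so one is supplied. The match is by time
    only: pppd lines do not name the peer, so on a busy gateway this is a
    hint about where to look, not proof.
    """
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    pppd_times = [ts for ts, prog, _ in events if prog == "pppd"]
    stalled = []
    for ts, prog, msg in events:
        sa = SA.match(msg) if prog == "pluto" else None
        if not sa:
            continue
        limit = ts + timedelta(seconds=window_s)
        if not any(ts <= p <= limit for p in pppd_times):
            stalled.append((ts.strftime("%H:%M:%S"), sa.group(1), sa.group(2)))
    return stalled

if __name__ == "__main__":
    for when, conn, peer in stalled_tunnels(SAMPLE_LOG):
        print(f"{when} {conn} {peer}: IPsec SA up, no pppd start logged")
```
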


