[Openswan Users] L2TP + Openswan

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Tue Dec 14 08:45:20 CET 2004


Is that specific to openswan 2.2.0? Maybe I could try 2.1.5 or 2.3.0-dr4.

I'll run some tests and let you know.

Giovani
----- Original Message ----- 
From: "Norbert Wegener" <nw at sbs.de>
To: "Giovani Moda - MR Informática" <giovani at mrinformatica.com.br>
Cc: <users at lists.openswan.org>
Sent: Tuesday, December 14, 2004 5:57 AM
Subject: Re: [Openswan Users] L2TP + Openswan


> Hello,
> I can confirm that there is a problem with at least openswan-2.2.0.
> I have nearly the same configuration (rp-l2tp and ppp-2.4.2), and this
> one works without any problems
> when using it with superfreeswan-1.99.8 and kernel 2.4.21. Using the same
> configuration (kernel: 2.4.21, ipsec.conf converted by Suse's script
> ipsec_1_to_2.pl
> to make it version 2 compatible) with openswan-2.2.0 gives me the same
> result: IPSEC SA established, nothing more to be seen in the message file.
> Nevertheless, when you tcpdump the ipsec interface, you can see l2tp
> traffic. Unfortunately this does not lead to starting pppd.
> Up to now I have no idea what the problem exactly is and how to track it
> down.
> Norbert
>
>
>
> Giovani Moda - MR Informática wrote:
>
>>I need some help over here.
>>
>>I'm following Jacco's instructions to do L2TP/IPSEC with Openswan, but I
>>can't make it work... I know it's my mistake, but I can't figure it out.
>>
>>I have Openswan up and running on a Fedora Core 2 box, Jacco's rp-l2tp
>>and pppd 2.4.3. The XP box (SP2) can tunnel up just fine. But that's
>>about it.
>>The problem is with L2TP, chaps, PPP and everything else. Nothing
>>happens after the tunnel is established.
>>
>>Here is the output
>>
>>Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: responding
>>to Main Mode from unknown peer A.B.C.G
>>Dec 13 21:30:05 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>>from state (null) to state STATE_MAIN_R1
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3:
>>NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
>>detected
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>>from state STATE_MAIN_R1 to state STATE_MAIN_R2
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: Peer ID is
>>ID_DER_ASN1_DN: 'C=BR, ...'
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: I am sending
>>my cert
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: transition
>>from state STATE_MAIN_R2 to state STATE_MAIN_R3
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: sent MR3,
>>ISAKMP SA established
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: responding
>>to Quick Mode
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition
>>from state (null) to state STATE_QUICK_R1
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: transition
>>from state STATE_QUICK_R1 to state STATE_QUICK_R2
>>Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: IPsec SA
>>established {ESP=>0x2139362b <0x86c0318b}
>>
>>The IPsec tunnel is working. Now it's the part where the L2TP should
>>send the request and everything else. But nothing happens. There is no
>>authentication, and the connection times out.
>>
>>Here are my settings:
>>
>>------------------------------------l2tp.conf------------------------------------
>># comment
>>
>># Global section (by default, we start in global mode)
>>global
>>
>># Load handlers
>>load-handler "sync-pppd.so"
>>load-handler "cmd.so"
>>
>># Bind address
>>listen-port 1701
>>listen-addr A.B.C.D
>>
>># Configure the sync-pppd handler.  You MUST have a "section sync-pppd" line
>># even if you don't set any options.
>>section sync-pppd
>># Specify IP address of PPP adapter and DNS/WINS addresses here.
>>lns-pppd-opts "debug nopcomp noaccomp require-chap refuse-pap A.B.C.G:A.B.C.H lcp-echo-interval 30 lcp-echo-failure 6 ms-dns A.B.C.D ms-wins A.B.C.F noccp auth crtscts idle 1800 mtu 1410 mru 1410 nodefaultroute lock proxyarp connect-delay 5000"
>>lac-pppd-opts "name VPNServer noipdefault ipcp-accept-local ipcp-accept-remote lcp-echo-interval 30 lcp-echo-failure 6"
>>
>># Peer section
>>section peer
>># Static IP address of client
>>peer A.B.C.E
>># No secret - no authentication
>>port 1701
>>#lac-handler sync-pppd
>>lac-handler sync-pppd
>>lns-handler sync-pppd
>>hide-avps no
>>
>># Configure the cmd handler.  You MUST have a "section cmd" line
>># even if you don't set any options.
>>section cmd
>>------------------------------------l2tp.conf------------------------------------
>>
>>The pppd server is working, since I had a pptpd server running
>>before. I'm missing something in between.
>>
>>Any help would be appreciated.
>>
>>Thanks in advance,
>>
>>Giovani
>>
>>
>
>
> -- 
> Kind regards
>
> Norbert Wegener
> SBS Mülheim
> Tel: 0208 4565379
> Fax: 0208 4565377
> 
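
The symptom described in this thread (pluto reports "IPsec SA established" and then no PPP session follows) can be checked mechanically against syslog. The script below is an added example, not part of the original messages or of Openswan: it parses pluto lines in the format quoted above and reports every IPsec SA that has no pppd log line within a time window. The function names, the 30-second window, the default year and the use of "any line logged by pppd" as evidence that pppd started are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: pluto lines in the format quoted above (unwrapped),
# with no pppd line after them.
SAMPLE = '''\
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #3: sent MR3, ISAKMP SA established
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: responding to Quick Mode
Dec 13 21:30:06 main pluto[25220]: "inet-XP"[2] A.B.C.G #4: IPsec SA established {ESP=>0x2139362b <0x86c0318b}
'''

SYSLOG = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ ([\w.-]+)\[\d+\]: (.*)$')
PLUTO = re.compile(r'^"([^"]+)"(?:\[\d+\])? (\S+) #(\d+): (.*)$')
SPI = re.compile(r'ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')

def parse(lines, year=2004):
    """Yield (time, program, message) for each well-formed syslog line.
    Syslog omits the year, so it is supplied by the caller (assumption)."""
    for line in lines:
        m = SYSLOG.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def stalled_tunnels(lines, window=30, year=2004):
    """Return IPsec SAs with no pppd log line in the following `window`
    seconds: ESP is up, but no PPP session was ever started over it."""
    events = list(parse(lines, year))
    pppd_times = [t for t, prog, _ in events if prog == "pppd"]
    stalled = []
    for t, prog, msg in events:
        m = PLUTO.match(msg) if prog == "pluto" else None
        if not m or "IPsec SA established" not in m.group(4):
            continue  # ISAKMP SA lines and state transitions are skipped
        if any(t <= p <= t + timedelta(seconds=window) for p in pppd_times):
            continue  # pppd logged something soon after: not stalled
        spi = SPI.search(m.group(4))
        stalled.append({"conn": m.group(1), "peer": m.group(2),
                        "sa": int(m.group(3)),
                        "spis": spi.groups() if spi else None})
    return stalled

if __name__ == "__main__":
    for s in stalled_tunnels(SAMPLE.splitlines()):
        print("IPsec SA #%(sa)d on %(conn)s to %(peer)s up, no pppd: %(spis)s" % s)
```

A non-empty result places the fault between ESP decapsulation and the L2TP daemon (UDP 1701 delivery, listen address, handler loading) rather than in IKE or in PPP authentication.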


