[Openswan Users] duplicating a ipsec config

Brad Chang openswan at dotnoc.com
Tue Jul 6 00:33:51 CEST 2004


Hi, thanks for taking a look. (This is the exact config on both VPN servers; one
works, one doesn't.)
l2tpd.conf:
[global]

[lns default]
ip range = 192.168.1.25-192.168.1.50
local ip = 216.187.95.142
require chap = yes
refuse pap = yes
require authentication = yes
name = GuardianVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

ipsec.conf:
version 2.0

config setup
        forwardcontrol=yes
        interfaces="ipsec0=eth0:0"
        klipsdebug=none
        plutodebug=none
        syslog=syslog.debug
        uniqueids=yes

conn %default
        keyingtries=1
        compress=no
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior
        leftsubnet=192.168.1.0/24
        also=roadwarrior2

conn roadwarrior2
        left=216.187.95.14
        leftnexthop=216.187.95.1
        authby=rsasig
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        pfs=no
        rightid="C=CA, ST=British Columbia, L=Vancouver, O=dotnoc., OU=Network Operations, CN=dotnoc, E=support at dotnoc.com"
        leftcert=dotnoc.pem
        keyingtries=3
        esp=3des-md5-96
        auto=add


conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore


Quoting Tobias Hadem <th at lt-ec.de>:

> 
> Could you post all your configs?
> 
> I think you have a setup similar to yacco's descriptions, right?
> 
> then post your l2tpd.conf and your ipsec.conf.
> 
> When hanging on passwords, only chap-secrets may help you, because then no 
> daemon is starting up, because all connections are already up.
> 
> 
> tobi
> 
> 
> 
> On Tuesday, 6 July 2004 08:13 you wrote:
> > It's an exact copy on both servers, default actually. Now I get it hanging
> > on authorizing password. One machine works fine with the exact same
> > config. I will check the config again, but it is mostly default. The IP
> > is in the listenaddr because I have an IP failover.
> >
> > thanks for all your help
> >
> > ipcp-accept-local
> > ipcp-accept-remote
> > #ms-dns  192.168.1.1
> > #ms-wins 192.168.1.2
> > auth
> > crtscts
> > idle 1800
> > mtu 1410
> > mru 1410
> > nodefaultroute
> > debug
> > lock
> > proxyarp
> > connect-delay 5000
> >
> > Quoting Tobias Hadem <th at lt-ec.de>:
> > > This is not an Openswan issue. Your l2tp server or, to be precise, your
> > > ppp server is not firing up, because some entries in the config files are
> > > bad or missing.
> > > Maybe you did not copy the options file for ppp on the other side? Or did
> > > not change the ip in the l2tpd.conf (listenaddr)?
> > >
> > > tobi
> > >
> > > On Tuesday, 6 July 2004 06:36 Brad Chang wrote:
> > > > Hi, I want to duplicate my ipsec configuration from one server to
> > > > another. Basically I thought I could just copy over all the folders (I
> > > > am using ipsec with x.509). I copied these folders and files over and
> > > > figured it would work. But I think I'm missing a folder because I get an
> > > > error on this new vpn server (or the copying method doesn't work):
> > > >
> > > > Files copied:
> > > > /etc/ipsec.conf
> > > > /etc/ipsec.secrets
> > > > /etc/certs/crl.pem
> > > > /etc/certs/demoCA/
> > > > /etc/ssl/
> > > > /etc/ipsec.d/
> > > > /etc/l2tp/
> > > > /etc/ppp/
> > > >
> > > >
> > > > Thanks and best regards,
> > > > -Brad Chang
> > > >
> > > > syslog Snippet:
> > > >
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 2
> > > > Jul  5 22:22:37 guardfw2 pppd[7555]: no device specified and stdin is not a tty
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: child_handler : pppd died for call 1
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: write_packet: Bad file descriptor(9)
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: call_close: Call 53359 to 154.5.21.47 disconnected
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 3
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 3
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: handle_avps: handling avp's for tunnel 64003, call 48738
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: assigned_tunnel_avp: using peer's tunnel 6
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: result_code_avp: peer closing for reason 6 (Requester is being shut down), error = 0 ()
> > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: control_finish: Connection closed to 154.5.21.47, port 1701 (), Local: 64003, Remote: 6
> > > >
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at lists.openswan.org
> > > > http://lists.openswan.org/mailman/listinfo/users
> > >
> > > --
> > >
> > > Tobias Hadem			th at lt-ec.de
> > > LT-ec service & solutions	http://www.lt-ec.de
> > > fon +49 (0)911 97791355		fax +49 (0)911 97791358
> > > Benno-Strauss-Strasse 5		D-90763 Fürth/Bay.
> > > Zimmerstrasse 23                	D-90117 Berlin
> > >
> > > LinuxTag - Europe's largest expo and conference
> > > Summer 2004 at the Messe- und Kongresszentrum Karlsruhe
> >
> > Thanks and best regards,
> > -Brad Chang
> > -http://www.dotnoc.com
> >
> >
> > -------------------------------------------------------------------
> > hosting,web design and managed services @ http://www.dotnoc.com
> 
> -- 
> 
> Tobias Hadem			th at lt-ec.de
> LT-ec service & solutions	http://www.lt-ec.de
> fon +49 (0)911 97791355		fax +49 (0)911 97791358
> Benno-Strauss-Strasse 5		D-90763 Fürth/Bay.
> Zimmerstrasse 23                	D-90117 Berlin
> 
> LinuxTag - Europe's largest expo and conference
> Summer 2004 at the Messe- und Kongresszentrum Karlsruhe
>

Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com


-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com
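Since the thread comes down to a copied configuration that may still carry the first server's addresses and files, here is an added checker (example code written for this page; it is not from the post, from Openswan or from l2tpd) that parses the two config files shown above and reports the host-specific items a clone has to get right on the new machine. It assumes Openswan's default /etc/ipsec.d/certs location for a relative leftcert, simplifies the %default/also= merge rules, checks listenaddr under both the thread's spelling and xl2tpd's `listen-addr`, and takes the host's addresses and existing files as plain sets so that it runs offline.

```python
"""Added example (not from the thread): check a cloned Openswan + l2tpd
configuration for host-specific values that may still point at the old
server. Interface addresses and file existence come from the caller as
plain sets, so every check runs offline."""
import re

# Trimmed copy of the configs posted in the thread (constructed sample input;
# the addresses and names are the poster's, nothing here is invented).
IPSEC_CONF = """\
version 2.0
config setup
        interfaces="ipsec0=eth0:0"
conn %default
        authby=rsasig
        leftrsasigkey=%cert
conn roadwarrior
        leftsubnet=192.168.1.0/24
        also=roadwarrior2
conn roadwarrior2
        left=216.187.95.14
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        leftcert=dotnoc.pem
        auto=add
"""
L2TPD_CONF = """\
[global]
[lns default]
local ip = 216.187.95.142
pppoptfile = /etc/ppp/options.l2tpd
"""


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} with 'conn %default' and 'also='
    merged in (own keys win over also= keys, which win over %default; a
    simplification of the real ipsec.conf rules, enough for this check).
    'config setup' is returned under the key 'setup'."""
    sections, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith(("#", "version")):
            continue
        if not raw[0].isspace():          # unindented: 'conn X' / 'config setup'
            current = stripped
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        key, _, value = stripped.partition("=")
        sections[current][key.strip()] = value.strip().strip('"')
    default = sections.get("conn %default", {})
    resolved = {"setup": sections.get("config setup", {})}
    for name, keys in sections.items():
        if name.startswith("conn ") and name != "conn %default":
            merged = dict(default)
            merged.update(sections.get("conn " + keys.get("also", ""), {}))
            merged.update({k: v for k, v in keys.items() if k != "also"})
            resolved[name[5:]] = merged
    return resolved


def parse_l2tpd_conf(text):
    """Return {section: {key: value}} for the INI-style l2tpd.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def check_clone(ipsec_text, l2tp_text, local_addrs, present_paths,
                cert_dir="/etc/ipsec.d/certs"):
    """Return findings about values a copied config may still need changed.
    local_addrs: addresses configured on this host; present_paths: files
    that exist on it (stand-in for os.path.exists so the check is offline)."""
    findings = []
    ipsec = parse_ipsec_conf(ipsec_text)
    lns = parse_l2tpd_conf(l2tp_text).get("lns default", {})
    glob = parse_l2tpd_conf(l2tp_text).get("global", {})
    for name, conn in ipsec.items():
        if name == "setup":
            continue
        left, cert = conn.get("left"), conn.get("leftcert")
        if left and left not in local_addrs:
            findings.append(f"conn {name}: left={left} is not an address on this host")
        if cert:
            path = cert if cert.startswith("/") else f"{cert_dir}/{cert}"
            if path not in present_paths:
                findings.append(f"conn {name}: leftcert {path} not found")
        if left and "local ip" in lns and lns["local ip"] != left:
            findings.append(f"note: conn {name}: ipsec left={left} differs from "
                            f"l2tpd local ip={lns['local ip']}; confirm both are intended here")
    opts = lns.get("pppoptfile")
    if opts and opts not in present_paths:
        findings.append(f"l2tpd pppoptfile {opts} not found")
    # The thread writes 'listenaddr'; xl2tpd spells the option 'listen-addr'.
    listen = glob.get("listen-addr") or glob.get("listenaddr")
    if listen and listen not in local_addrs:
        findings.append(f"l2tpd listen-addr={listen} is not an address on this host")
    return findings


if __name__ == "__main__":
    # Constructed host state for a freshly cloned server: the old address is
    # not configured on it and neither copied file is present.
    for finding in check_clone(IPSEC_CONF, L2TPD_CONF, {"10.0.0.2"}, set()):
        print(finding)
```

Feed it the real files and `ip -o addr` output on the new host; an empty result means the clone is at least consistent with that host, while each finding names a value (address, certificate, ppp options file) that was copied verbatim but belongs to the original server.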