[Openswan Users] duplicating a ipsec config - bad edit

Brad Chang openswan at dotnoc.com
Tue Jul 6 00:35:35 CEST 2004


Sorry, bad edit. It was supposed to be shown like this:

 conn roadwarrior2
         left=216.187.95.142
         leftnexthop=216.187.95.1



Quoting Brad Chang <openswan at dotnoc.com>:

> Hi, thanks for taking a look (this is the exact config on both VPN servers; one
> works, one doesn't):
> l2tpd.conf:
> [global]
> 
> [lns default]
> ip range = 192.168.1.25-192.168.1.50
> local ip = 216.187.95.142
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = GuardianVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd
> length bit = yes
> 
> ipsec.conf:
> version 2.0
> 
> config setup
>         forwardcontrol=yes
>         interfaces="ipsec0=eth0:0"
>         klipsdebug=none
>         plutodebug=none
>         syslog=syslog.debug
>         uniqueids=yes
> 
> conn %default
>         keyingtries=1
>         compress=no
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
> 
> conn roadwarrior
>         leftsubnet=192.168.1.0/24
>         also=roadwarrior2
> 
> conn roadwarrior2
>         left=216.187.95.14
>         leftnexthop=216.187.95.1
>         authby=rsasig
>         leftprotoport=17/0
>         right=%any
>         rightprotoport=17/1701
>         pfs=no
>         rightid="C=CA, ST=British Columbia, L=Vancouver, O=dotnoc., OU=Network Operations, CN=dotnoc, E=support at dotnoc.com"
>         leftcert=dotnoc.pem
>         keyingtries=3
>         esp=3des-md5-96
>         auto=add
> 
> 
> conn block
>     auto=ignore
> 
> conn private
>     auto=ignore
> 
> conn private-or-clear
>     auto=ignore
> 
> conn clear-or-private
>     auto=ignore
> 
> conn clear
>     auto=ignore
> 
> conn packetdefault
>     auto=ignore
> 
> 
> Quoting Tobias Hadem <th at lt-ec.de>:
> 
> > 
> > Could you post all your configs?
> > 
> > I think you have a setup similar to yacco's descriptions, right?
> > 
> > then post your l2tpd.conf and your ipsec.conf.
> > 
> > When hanging on passwords, only chap-secrets may help you, because then no
> > daemon is starting up because all connections are already up.
> > 
> > 
> > tobi
> > 
> > 
> > 
> > On Tuesday, 6 July 2004 08:13, you wrote:
> > > It's an exact copy on both servers, default actually. Now I get it hanging
> > > on authorizing password. One machine works fine with the exact same
> > > config. I will check the config again, but it is mostly default. The IP
> > > in the listenaddr is because I have an IP failover.
> > >
> > > thanks for all your help
> > >
> > > ipcp-accept-local
> > > ipcp-accept-remote
> > > #ms-dns  192.168.1.1
> > > #ms-wins 192.168.1.2
> > > auth
> > > crtscts
> > > idle 1800
> > > mtu 1410
> > > mru 1410
> > > nodefaultroute
> > > debug
> > > lock
> > > proxyarp
> > > connect-delay 5000
> > >
> > > Quoting Tobias Hadem <th at lt-ec.de>:
> > > > This is not an Openswan issue. Your l2tp server or, to be precise, your
> > > > ppp server is not firing up, because some entries in the config files are
> > > > bad or missing.
> > > > Maybe you did not copy the options file for ppp on the other side? Or did
> > > > not change the IP in the l2tpd.conf (listenaddr)?
> > > >
> > > > tobi
> > > >
> > > > On Tuesday, 6 July 2004 06:36, Brad Chang wrote:
> > > > > Hi, I want to duplicate my ipsec configuration from one server to
> > > > > another. Basically I thought I could just copy over all the folders (I
> > > > > am using ipsec with X.509). I copied these folders and files over and
> > > > > figured it would work. But I think I'm missing a folder because I get an
> > > > > error on this new vpn server (or the copying method doesn't work):
> > > > >
> > > > > Files copied:
> > > > > /etc/ipsec.conf
> > > > > /etc/ipsec.secrets
> > > > > /etc/certs/crl.pem
> > > > > /etc/certs/demoCA/
> > > > > /etc/ssl/
> > > > > /etc/ipsec.d/
> > > > > /etc/l2tp/
> > > > > /etc/ppp/
> > > > >
> > > > >
> > > > > Thanks and best regards,
> > > > > -Brad Chang
> > > > >
> > > > > syslog Snippet:
> > > > >
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 2
> > > > > Jul  5 22:22:37 guardfw2 pppd[7555]: no device specified and stdin is not a tty
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: child_handler : pppd died for call 1
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: write_packet: Bad file descriptor(9)
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: call_close: Call 53359 to 154.5.21.47 disconnected
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 3
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: check_control: control, cid = 0, Ns = 4, Nr = 3
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: handle_avps: handling avp's for tunnel 64003, call 48738
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: assigned_tunnel_avp: using peer's tunnel 6
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: result_code_avp: peer closing for reason 6 (Requester is being shut down), error = 0 ()
> > > > > Jul  5 22:22:37 guardfw2 l2tpd[7527]: control_finish: Connection closed to 154.5.21.47, port 1701 (), Local: 64003, Remote: 6
> > > > >
> > > > > _______________________________________________
> > > > > Users mailing list
> > > > > Users at lists.openswan.org
> > > > > http://lists.openswan.org/mailman/listinfo/users
> > > >
> > > > --
> > > >
> > > > Tobias Hadem			th at lt-ec.de
> > > > LT-ec service & solutions	http://www.lt-ec.de
> > > > fon +49 (0)911 97791355		fax +49 (0)911 97791358
> > > > Benno-Strauss-Strasse 5		D-90763 Fürth/Bay.
> > > > Zimmerstrasse 23                	D-90117 Berlin
> > > >
> > > > LinuxTag - Europe's largest expo and conference
> > > > Summer 2004 at the Messe- und Kongresszentrum Karlsruhe
> > >
> > > Thanks and best regards,
> > > -Brad Chang
> > > -http://www.dotnoc.com
> > >
> > >
> > > -------------------------------------------------------------------
> > > hosting,web design and managed services @ http://www.dotnoc.com
> > 
> > -- 
> > 
> > Tobias Hadem			th at lt-ec.de
> > LT-ec service & solutions	http://www.lt-ec.de
> > fon +49 (0)911 97791355		fax +49 (0)911 97791358
> > Benno-Strauss-Strasse 5		D-90763 Fürth/Bay.
> > Zimmerstrasse 23                	D-90117 Berlin
> > 
> > LinuxTag - Europe's largest expo and conference
> > Summer 2004 at the Messe- und Kongresszentrum Karlsruhe
> > 
> 
> Thanks and best regards,
> -Brad Chang
> -http://www.dotnoc.com
> 
> 
> -------------------------------------------------------------------
> hosting,web design and managed services @ http://www.dotnoc.com
> 
> 

Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com


-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com
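A worked check for the problem this thread turns on, added here as an example and not taken from the list, from Openswan or from l2tpd: the config was copied verbatim to a second server, and the `left=` address in ipsec.conf (posted as 216.187.95.14, corrected above to 216.187.95.142) has to agree with `local ip` in l2tpd.conf on that host. The script parses both files, flattens `conn %default` and `also=` inheritance (the precedence it applies is an assumption; confirm it against ipsec.conf(5) for your version) and reports mismatches. The two config strings are constructed, abridged copies of the files posted in the thread, and `parse_ipsec_conf`, `resolve_conn` and `check_l2tp_conn` are names chosen for this example.

```python
"""Cross-check the L2TP/IPsec parts of an ipsec.conf against l2tpd.conf.

Constructed example for the thread above: a config copied to a second server
with a different public address lets `left=` in ipsec.conf and `local ip` in
l2tpd.conf disagree. This resolves `conn %default` / `also=` inheritance and
reports such mismatches.
"""
import configparser
import ipaddress
import re

# Constructed sample, abridged from the thread's ipsec.conf; left= carries the
# mistyped address that the top post corrects to .142.
IPSEC_CONF = """\
conn %default
        keyingtries=1
        authby=rsasig

conn roadwarrior
        leftsubnet=192.168.1.0/24
        also=roadwarrior2

conn roadwarrior2
        left=216.187.95.14
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        keyingtries=3
"""

# Constructed sample, abridged from the thread's l2tpd.conf.
L2TPD_CONF = """\
[global]

[lns default]
ip range = 192.168.1.25-192.168.1.50
local ip = 216.187.95.142
require chap = yes
"""


def parse_ipsec_conf(text):
    """Return {section: {key: value}} for each config/conn section, keys lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        header = re.match(r"^(config|conn)\s+(\S+)\s*$", line)
        if header:
            current = header.group(2)
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip().lower()] = value.strip().strip('"')
    return sections


def resolve_conn(sections, name, _seen=None):
    """Flatten a conn: %default, then the also= chain, then the conn's own keys.

    That precedence (own over also= over %default) is assumed for this example;
    confirm it against ipsec.conf(5) for the Openswan version in use.
    """
    _seen = _seen or set()
    if name in _seen:
        raise ValueError(f"also= loop through conn {name}")
    _seen.add(name)
    own = sections[name]
    merged = dict(sections.get("%default", {}))
    if "also" in own:
        merged.update(resolve_conn(sections, own["also"], _seen))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged


def check_l2tp_conn(ipsec_text, l2tpd_text, conn_name, lns="lns default"):
    """Return a list of findings; an empty list means the two files agree."""
    conn = resolve_conn(parse_ipsec_conf(ipsec_text), conn_name)
    cp = configparser.ConfigParser()
    cp.read_string(l2tpd_text)
    server = cp[lns]
    findings = []
    # The IPsec endpoint and the L2TP listener must be the same address.
    left, local_ip = conn.get("left"), server.get("local ip")
    if left != local_ip:
        findings.append(f"left={left} but l2tpd 'local ip' is {local_ip}")
    # A road-warrior L2TP policy has to cover UDP/1701 on the client side.
    if conn.get("rightprotoport") != "17/1701":
        findings.append(f"rightprotoport={conn.get('rightprotoport')}, expected 17/1701")
    # Addresses l2tpd hands out should sit inside the subnet the tunnel offers.
    subnet, ip_range = conn.get("leftsubnet"), server.get("ip range")
    if subnet and ip_range:
        net = ipaddress.ip_network(subnet, strict=False)
        lo, hi = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-"))
        if lo not in net or hi not in net:
            findings.append(f"ip range {ip_range} lies outside leftsubnet {subnet}")
    return findings
```

Calling `check_l2tp_conn(IPSEC_CONF, L2TPD_CONF, "roadwarrior")` on the samples as posted returns one finding, the .14 versus .142 mismatch; with `left=` corrected it returns an empty list. The check only reads the two files and reports where they disagree after a copy, which is the question a second host should answer before pluto and l2tpd are started on it.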


