[Openswan Users] Problem with connection road
Salvatore Basso
sasab at pixteam.com
Tue Jul 20 15:49:53 CEST 2004
Hi, I have a problem with a road-warrior connection. I use kernel 2.4 and Openswan 2; the site-to-site VPN connection works OK, but when I try to connect to the VPN gateway from a dial-up connection I get an error message with l2tp.
My l2tpd.conf is:
[global]
listen-addr = 10.0.0.254
[lns default]
ip range = 10.0.0.0-10.0.0.252
local ip = 10.0.0.253
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
.. the rules on fw are:
$IPTABLES -t nat -A PREROUTING -p udp -d 4.5.6.7 --destination-port 1701 -j DNAT --to-destination 10.0.0.254
.. where 4.5.6.7 is the public IP on the public interface, which I use as the endpoint for the VPN, while 10.0.0.254 is the private IP on the fw and is the gateway for the LAN, then:
$IPTABLES -A OUTPUT -o eth0 -p udp -s 4.5.6.7 -d 10.0.0.254 --destination-port 1701 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp -s 10.0.0.254 -d 81.174.10.122 --destination-port 1701 -m state --state NEW -j ACCEPT
.. in the /var/log/secure:
Jul 20 13:01:41 localhost pluto[25942]: "left-road"[10] 1.2.3.4 #18: transition from state (null) to state STATE_MAIN_R1
Jul 20 13:01:43 localhost pluto[25942]: "left-road"[10] 1.2.3.4 #17: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Jul 20 13:01:43 localhost pluto[25942]: "left-road"[10] 1.2.3.4 #17: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[10] 1.2.3.4 #17: Peer ID is ID_FQDN: '@roger.pippo.int'
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[11] 1.2.3.4 #17: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 20 13:01:44 localhost pluto[25942]: | NAT-T: new mapping 1.2.3.4:500/4500)
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #17: sent MR3, ISAKMP SA established
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #19: responding to Quick Mode
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #19: transition from state (null) to state STATE_QUICK_R1
Jul 20 13:01:44 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #19: discarding duplicate packet; already STATE_QUICK_R1
Jul 20 13:01:45 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #19: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 20 13:01:45 localhost pluto[25942]: "left-road"[11] 1.2.3.4:4500 #19: IPsec SA established {ESP=>0xb605f628 <0x8f49ca0d}
Where is my mistake?
thanks.
----------
Salvatore.