[Openswan Users] Openswan + L2TP
Marcos Ferreira da Silva
marcosfs at centershop.com.br
Wed Aug 10 18:45:19 CEST 2005
On Wed, 2005-08-10 at 11:03 +0200, Paul Wouters wrote:
> On Tue, 9 Aug 2005, Marcos Ferreira da Silva wrote:
>
> > Openswan starts and doesn't show any error.
>
> Check the logs again. Did everything load properly? Are you sure you
> looked in /var/log/secure ?
>
> > Openswan didn't start the connection (winXP) when I tried to connect with the XP client. The XP client tries to connect on port 1701, but there is no such port on the external address.
>
> The XP client should first set up an IPsec connection and only then try L2TP on
> port 1701. You probably misconfigured your client.
>
OK. I configured IPsec on WinXP and connected to the server via IPsec.
But I don't understand how the connection will be made with the L2TP client
if I don't have any port 1701 on the external interface.
ipsec.conf:
version 2.0    # conforms to second version of ipsec.conf specification

config setup
    interfaces="ipsec0=eth2"
    klipsdebug="all"
    plutodebug="control parsing"
    nat_traversal=yes
    uniqueids=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret

conn roadwarrior-net
    leftsubnet=192.168.99.0/255.255.255.0
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior-l2tp
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-l2tp-oldwin
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior
    left=192.168.1.1
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

include /etc/ipsec.d/no_oe.con
Remember: I use Fedora 4 (2.6.12-1.1398) and Openswan 2.3.1-2.
My test environment is:
Client <------> Server <-----> Internal Network
Client (winXP) 192.168.1.2
Server eth2 192.168.1.1 eth1 192.168.99.1
Internal network 192.168.99.0/24
I commented out the uproute/downroute in the _updown script.
I put rules in my firewall for eth1-eth2.
From WinXP I can ping the other net.
My l2tpd.conf:
[global]
    listen-addr = 192.168.99.1

[lns default]
    ip range = 192.168.99.128-192.168.99.254
    local ip = 192.168.99.2
    require chap = yes
    refuse pap = yes
    require authentication = yes
    name = LinuxVPNserver
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd
    length bit = yes
I configured the VPN client on WinXP to connect to 192.168.1.1, but there is
no L2TP service at this address.
+-----------------------------------+
| Marcos Ferreira da Silva |
+-----------------------------------+
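Editor's added example (not from the original post, not Openswan or l2tpd code). As the quoted reply says, the XP client first builds an ESP tunnel to 192.168.1.1 and only then sends L2TP to UDP/1701 inside it, so the port is never visible on the external interface as plaintext; after decapsulation, though, those packets are still addressed to 192.168.1.1:1701, and a daemon bound to another address will not receive them. The posted l2tpd.conf binds to the internal address 192.168.99.1 while the clients connect to 192.168.1.1. The script below embeds constructed copies of the two configs from the message, compares the `left=` of the road-warrior conn with `listen-addr`, and prints iptables rules that accept UDP/1701 only via the KLIPS `ipsec0` interface so that no unprotected L2TP/PPP session can be opened from the outside. The corrected `L2TPD_CONF_FIXED` and the assumption that the file has a single `left=` are mine, not the author's.

```shell
#!/bin/sh
# Added example, not from the original post or from Openswan/l2tpd.
# Checks that l2tpd is bound where the IPsec policy for UDP/1701 terminates
# and emits firewall rules exposing UDP/1701 only through the IPsec interface.
# Both configs are constructed copies of the ones shown in the message.

IPSEC_CONF='config setup
    interfaces="ipsec0=eth2"
    nat_traversal=yes
conn roadwarrior-l2tp
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior
    left=192.168.1.1
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add'

# l2tpd.conf as posted: the daemon listens on the *internal* address.
L2TPD_CONF='[global]
listen-addr = 192.168.99.1
[lns default]
ip range = 192.168.99.128-192.168.99.254
local ip = 192.168.99.2'

# Corrected variant (assumption for this check): listen on the address the
# IPsec clients send L2TP to, i.e. the "left=" of the roadwarrior conn.
L2TPD_CONF_FIXED='[global]
listen-addr = 192.168.1.1
[lns default]
ip range = 192.168.99.128-192.168.99.254
local ip = 192.168.99.2'

# KLIPS virtual interface name from interfaces="ipsecN=ethM" (empty if unset).
ipsec_iface() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*interfaces="\([a-z0-9]*\)=.*/\1/p' | head -n 1
}

# The "left=" address: where ESP from the road warriors terminates, and hence
# the destination of the decapsulated UDP/1701 packets. Assumes a single left=.
ipsec_left_addr() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*left=\([0-9.]*\).*/\1/p' | head -n 1
}

# Address l2tpd binds its UDP/1701 socket to (empty means all addresses).
l2tp_listen_addr() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*listen-addr[[:space:]]*=[[:space:]]*\([0-9.]*\).*/\1/p' | head -n 1
}

# Returns 0 if the daemon will receive what the IPsec policy delivers, 1 if not.
l2tp_bound_behind_ipsec() {
    left=$(ipsec_left_addr "$1")
    listen=$(l2tp_listen_addr "$2")
    [ -n "$left" ] || return 1
    [ -z "$listen" ] || [ "$listen" = "$left" ]
}

# Accept UDP/1701 only after ESP decapsulation on the KLIPS ipsecN interface and
# drop plaintext L2TP from anywhere else. (With NETKEY there is no ipsecN; use
# "-m policy --dir in --pol ipsec" on the ACCEPT rule instead.)
l2tp_firewall_rules() {
    iface=$(ipsec_iface "$1")
    [ -n "$iface" ] || iface=ipsec0    # assumed default if interfaces= is absent
    printf 'iptables -A INPUT -i %s -p udp --dport 1701 -j ACCEPT\n' "$iface"
    printf 'iptables -A INPUT -p udp --dport 1701 -j DROP\n'
}

if l2tp_bound_behind_ipsec "$IPSEC_CONF" "$L2TPD_CONF"; then
    echo "l2tpd listens where IPsec delivers UDP/1701"
else
    echo "mismatch: IPsec left=$(ipsec_left_addr "$IPSEC_CONF")," \
         "l2tpd listen-addr=$(l2tp_listen_addr "$L2TPD_CONF")"
fi
l2tp_firewall_rules "$IPSEC_CONF"
```

Run against the posted files the check reports the 192.168.1.1 versus 192.168.99.1 mismatch; with `listen-addr` set to the `left=` address (or removed, so the daemon binds every address) it passes. The DROP rule matters independently of the bind address: without it, a host on the 192.168.1.0/24 side could speak L2TP and CHAP to the server in the clear.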