[Openswan Users] Openswan + L2TP

Marcos Ferreira da Silva marcosfs at centershop.com.br
Wed Aug 10 18:45:19 CEST 2005


On Wed, 2005-08-10 at 11:03 +0200, Paul Wouters wrote:
> On Tue, 9 Aug 2005, Marcos Ferreira da Silva wrote:
> 
> > Openswan starts and doesn't show any error.
> 
> Check the logs again. Did everything load properly? Are you sure you
> looked in /var/log/secure ?
> 
> > Openswan didn't start the connection (winXP) when I tried to connect with the XP client. The XP client tries to connect at port 1701, but this port isn't open on the external address.
> 
> The XP client should first setup an IPsec connection and only then try L2TP on
> port 1701. You probably misconfigured your client.
> 

OK. I configured IPsec on WinXP and connected to the server via IPsec.

But I don't understand how the connection will be made with the L2TP client
if I don't have any port 1701 on the external interface.

ipsec.conf:
version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces="ipsec0=eth2"
        klipsdebug="all"
        plutodebug="control parsing"
        nat_traversal=yes
        uniqueids=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=secret

conn roadwarrior-net
        leftsubnet=192.168.99.0/255.255.255.0
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-oldwin
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        left=192.168.1.1
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

include /etc/ipsec.d/no_oe.con

Remember: I use Fedora 4 (2.6.12-1.1398) and Openswan 2.3.1-2.

My test environment is:

Client  <------> Server <-----> Internal Network

Client (winXP) 192.168.1.2
Server eth2 192.168.1.1  eth1 192.168.99.1
Internal network 192.168.99.0/24

I commented out the uproute/downroute in the _updown script.

I put rules in my firewall for eth1-eth2.

From WinXP I ping the other net.


My l2tpd.conf:
[global]
listen-addr = 192.168.99.1

[lns default]
ip range = 192.168.99.128-192.168.99.254
local ip = 192.168.99.2
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

I configured the VPN client on WinXP to connect to 192.168.1.1, but there is
no L2TP service at this address.


+-----------------------------------+
| Marcos Ferreira da Silva          |
+-----------------------------------+
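As an added example (not part of this thread, and not code from Openswan or l2tpd), the script below parses the "conn" sections of an ipsec.conf, resolves "also=" and "%default" the way Openswan layers them, reads "listen-addr" from the [global] section of l2tpd.conf, and then compares the local IPsec endpoint ("left") of every connection that carries L2TP (leftprotoport=17/1701) with the address the L2TP daemon listens on. The premise is the one Paul states above: UDP 1701 exists only inside the IPsec SA, so the daemon has to accept the L2TP control channel on the address the SA terminates on. The embedded configs are constructed from the values in this post; the parser is a simplified reading of the ipsec.conf grammar (no "include" handling) and the listen-addr check is my own consistency rule, not an Openswan or l2tpd diagnostic.

```python
"""Check that an Openswan L2TP conn and l2tpd.conf agree on the L2TP address.

Added example: parses ipsec.conf conn sections (with also= / %default
layering), reads listen-addr from l2tpd.conf, and reports whether the
L2TP daemon listens on the IPsec endpoint address ("left") of each
L2TP connection. Sample configs are constructed from the post's values.
"""

# Constructed sample: trimmed copy of the ipsec.conf shown in the post.
IPSEC_CONF = """\
version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces="ipsec0=eth2"
        nat_traversal=yes

conn %default
        keyingtries=1
        authby=secret

conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        left=192.168.1.1
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
"""

# Constructed sample: the [global] part of the l2tpd.conf shown in the post.
L2TPD_CONF = """\
[global]
listen-addr = 192.168.99.1

[lns default]
ip range = 192.168.99.128-192.168.99.254
local ip = 192.168.99.2
"""


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value, 'also': [targets]}} for every conn.

    Indented lines belong to the current section; '#' comments are
    stripped; keys are lowercased. Non-conn sections are skipped.
    """
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {"also": []}) if kind == "conn" else None
            continue
        if current is None:
            continue
        key, _, value = line.strip().partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "also":
            current["also"].append(value)
        else:
            current[key] = value
    return conns


def effective_conn(conns, name, seen=frozenset()):
    """Merge a conn with its also= targets, then with %default.

    Values set directly in the conn win; an also= target fills anything
    missing (recursively); %default fills last. Loops raise ValueError.
    """
    if name in seen:
        raise ValueError("also= loop at %s" % name)
    seen = seen | {name}
    own = conns.get(name, {})
    merged = {k: v for k, v in own.items() if k != "also"}
    for target in own.get("also", []):
        for k, v in effective_conn(conns, target, seen).items():
            merged.setdefault(k, v)
    if name != "%default" and "%default" in conns:
        for k, v in effective_conn(conns, "%default", seen).items():
            merged.setdefault(k, v)
    return merged


def parse_l2tpd_global(text):
    """Return the key/value pairs of the [global] section of l2tpd.conf."""
    settings, in_global = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            in_global = line.lower() == "[global]"
            continue
        if in_global:
            key, _, value = line.partition("=")
            settings[key.strip().lower()] = value.strip()
    return settings


def check_l2tp_binding(ipsec_text, l2tpd_text):
    """For each conn carrying L2TP on the left (UDP/1701), compare its
    'left' address with l2tpd's listen-addr.

    Returns [(conn_name, left, listen_addr, ok)]; ok is True only when
    the daemon listens exactly on the IPsec endpoint address.
    """
    conns = parse_ipsec_conf(ipsec_text)
    listen = parse_l2tpd_global(l2tpd_text).get("listen-addr")
    results = []
    for name in conns:
        if name == "%default":
            continue
        eff = effective_conn(conns, name)
        if eff.get("leftprotoport", "").replace(" ", "") != "17/1701":
            continue
        left = eff.get("left")
        results.append((name, left, listen, listen is not None and listen == left))
    return results


if __name__ == "__main__":
    for name, left, listen, ok in check_l2tp_binding(IPSEC_CONF, L2TPD_CONF):
        print("%s: left=%s l2tpd listen-addr=%s -> %s"
              % (name, left, listen, "ok" if ok else "MISMATCH"))
```

With the post's values the script reports a mismatch for roadwarrior-l2tp (left=192.168.1.1, listen-addr=192.168.99.1); rerunning it with listen-addr changed to the IPsec endpoint address makes the check pass.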
