[Openswan Users] Openswan + L2TP

Marcos Ferreira da Silva marcosfs at centershop.com.br
Sat Aug 13 09:42:42 CEST 2005


On Sat, 2005-08-13 at 00:20 +0200, Norman Rasmussen wrote:
> FYI: in /etc/ppp/options.l2tpdipcp-accept-local you might want to add 'name'
> 
> this is what my debian system has:
> 
> # Name of the local system for authentication purposes
> # (must match the second field in /etc/ppp/chap-secrets entries)
> name l2tpd
> 

my l2tpd.conf:
[global]
;listen-addr = 192.168.99.1

[lns default]
ip range = 192.168.99.128-192.168.99.254
local ip = 192.168.99.2
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

my chap-secrets:
# Test user
*       markin  "teste" 192.168.99.130
markin  *       "teste" 192.168.99.130

my options.l2tpd:
ms-dns  192.168.99.1
ms-wins 192.168.99.1
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000
silent
logfile /var/log/l2tpd.log

If I put noauth, the client gets the IP 192.168.99.130 and I connect
perfectly.  But if I put auth, the error is:

/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for
it to use to do so.
/usr/sbin/pppd: (None of the available passwords would let it use an IP
address.)


> On 13/08/05, Norman Rasmussen <normanr at gmail.com> wrote:
> > > Cliente: 192.168.1.2
> > > Server: 192.168.1.1
> > > Network:  192.168.99.0/24
> > 
> > um, I assume the server has another network card with an ip in the
> > network range?
> > 
> > more like (THIS IS AN EXAMPLE)
> > Server:
> > eth0: 192.168.1.1 (network 192.168.1.0/24)
> > eth1: 192.168.99.1 (network 192.168.99.0/24)
> > 
> > I guess you could do it via aliasing too (i.e. eth0 and eth0:1)
> > 
> > --
> > - Norman Rasmussen
> >  - Email: norman at rasmussen.co.za
> >  - Home page: http://norman.rasmussen.co.za/
> > 

My Network
Server: 
ppp0 (eth0): Internet
eth1   = 192.168.99.1 (192.168.99.0/24)
eth1:0 = 192.168.99.2 (192.168.99.0/24)
eth2   = 192.168.1.1 (192.168.1.0/24)

client --- (eth2) Server (eth1) --- network

My system is Fedora Core 4, Openswan without KLIPS, and I set l2tpd
to listen on all interfaces.  But in this case the client can connect
directly to l2tpd without passing through IPsec.  Should I compile Openswan
with KLIPS (Fedora 4) to resolve this problem and put l2tpd on the
internal interface?

Has anyone compiled openswan-klips on Fedora 4?

Marcos
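
The following is an added example, not part of the original post and not code from l2tpd or Openswan: a small lint for the two files quoted above that flags the two conditions the post describes, l2tpd listening on all interfaces and pppd running with noauth. The function names are hypothetical, the inputs are constructed from the post's own settings, and it assumes `;` starts a comment in l2tpd.conf and that the pppd options file has one option per line.

```python
# Added example: lint the two files from this post. Inputs are constructed.
L2TPD_CONF = """[global]
;listen-addr = 192.168.99.1

[lns default]
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.l2tpd
"""
PPP_OPTIONS = "noccp\nauth\nidle 1800\nlogfile /var/log/l2tpd.log\n"

def parse_l2tpd_conf(text):
    """Return {section: {key: value}}. Assumes ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return sections

def parse_ppp_options(text):
    """Return the set of option keywords, one per line; '#' starts a comment."""
    return {w[0] for w in (l.split("#", 1)[0].split() for l in text.splitlines()) if w}

def audit(l2tpd_conf, ppp_options):
    """List settings that leave the L2TP/PPP layer reachable or unauthenticated."""
    conf, opts = parse_l2tpd_conf(l2tpd_conf), parse_ppp_options(ppp_options)
    findings = []
    if "listen-addr" not in conf.get("global", {}):
        findings.append("global: listen-addr unset, l2tpd listens on all interfaces")
    for name, sec in conf.items():
        if not name.startswith("lns"):
            continue
        for key in ("require authentication", "require chap", "refuse pap"):
            if sec.get(key) != "yes":
                findings.append(f"{name}: '{key}' is not 'yes'")
    if "noauth" in opts:
        findings.append("pppd: noauth set, peers are not asked to authenticate")
    elif "auth" not in opts:
        findings.append("pppd: no explicit auth option")
    return findings

if __name__ == "__main__":
    for finding in audit(L2TPD_CONF, PPP_OPTIONS):
        print(finding)
```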


