[Openswan Users] Openswan + l2tpd - Client can't connect (now using certificates)

Jacco de Leeuw jacco2 at dds.nl
Fri Feb 4 11:44:45 CET 2005


Ranieri Oliveira wrote:

> #create file /etc/l2tpd/l2tpd.conf and add lines:
> ================start /etc/l2tpd/l2tpd.conf=============
> [global]
> ; listen-addr = 192.168.1.98

(Don't forget to read:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning
once everything is working).

> [lns default]
> ip range = 192.168.1.128-192.168.1.254
> local ip = 192.168.1.99

So 192.168.1.0/24 on eth1 is your internal subnet?
Then you need to exclude this subnet in your NAT range as follows:

virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

> conn roadwarrior-l2tp
>       type=transport
>       left=%defaultroute
>       leftcert=host.example.com.pem
>       leftprotoport=17/1701
>       right=%any
>       rightprotoport=17/1701

Add:
         rightsubnet=vhost:%no,%priv

>       pfs=no
>       auto=add
> 
> #Disable Opportunistic Encryption
> #include /etc/ipsec.d/examples/no_oe.conf

Remove the # to actually disable OE:
include /etc/ipsec.d/examples/no_oe.conf

> cat /var/log/secure
> Feb  3 21:46:46 darkstar pluto[1110]: loading secrets from "/etc/ipsec.secrets"
> Feb  3 21:46:46 darkstar pluto[1110]:   loaded private key file
> '/etc/ipsec.d/private/host.example.com.key' (1663 bytes)

Huh? Why is there no mention of the connections being loaded?
What does ipsec auto --status say?

> Feb  3 21:49:09 darkstar pluto[1110]: packet from 200.171.13.10:500:
> initial Main Mode message received on 200.171.13.9:500 but no
> connection has been authorized

Hey, is your client not NATed anymore?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
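Added after the message, not part of this thread or of Openswan itself: a small Python checker that parses an Openswan virtual_private string and confirms that the internal subnet is excluded from the NAT range, as advised above. The network values are the ones quoted in the mail; the function names are my own.

```python
import ipaddress

# Constructed from the corrected line in the mail above: the internal
# 192.168.1.0/24 is carved out of the RFC1918 ranges with a '!' entry.
CORRECTED = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24"
# The same setting without the exclusion, i.e. the problematic form.
UNFIXED = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"


def parse_virtual_private(value):
    """Split a virtual_private string into (included, excluded) network lists.

    Entries look like '%v4:10.0.0.0/8'; a leading '!' on the network marks
    an exclusion. Anything that is not %v4/%v6 is rejected rather than guessed.
    """
    included, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6"):
            raise ValueError(f"unsupported virtual_private entry: {item!r}")
        target = excluded if net.startswith("!") else included
        target.append(ipaddress.ip_network(net.lstrip("!"), strict=False))
    return included, excluded


def _covered_by(net, ranges):
    """True if net lies entirely inside one of the networks in ranges."""
    return any(net.version == r.version and net.subnet_of(r) for r in ranges)


def local_subnet_is_excluded(value, local_subnet):
    """Return True if local_subnet cannot collide with the roadwarrior NAT range.

    That is the case when the subnet is not inside any included range at all,
    or when it is fully covered by a '!' exclusion.
    """
    local = ipaddress.ip_network(local_subnet, strict=False)
    included, excluded = parse_virtual_private(value)
    if not _covered_by(local, included):
        return True
    return _covered_by(local, excluded)


if __name__ == "__main__":
    for name, cfg in (("corrected", CORRECTED), ("unfixed", UNFIXED)):
        ok = local_subnet_is_excluded(cfg, "192.168.1.0/24")
        print(f"{name}: internal subnet excluded = {ok}")
```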

