[Openswan Users] Openswan + l2tpd - Client can't connect (now using certificates)
Jacco de Leeuw
jacco2 at dds.nl
Fri Feb 4 11:44:45 CET 2005
Ranieri Oliveira wrote:
> #create file /etc/l2tpd/l2tpd.conf and add lines:
> ================start /etc/l2tpd/l2tpd.conf=============
> [global]
> ; listen-addr = 192.168.1.98
(Don't forget to read:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Firewallwarning
once everything is working).
> [lns default]
> ip range = 192.168.1.128-192.168.1.254
> local ip = 192.168.1.99
So 192.168.1.0/24 on eth1 is your internal subnet?
Then you need to exclude this subnet in your NAT range as follows:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
> conn roadwarrior-l2tp
> type=transport
> left=%defaultroute
> leftcert=host.example.com.pem
> leftprotoport=17/1701
> right=%any
> rightprotoport=17/1701
Add:
rightsubnet=vhost:%no,%priv
> pfs=no
> auto=add
>
> #Disable Opportunistic Encryption
> #include /etc/ipsec.d/examples/no_oe.conf
Remove the # to actually disable OE:
include /etc/ipsec.d/examples/no_oe.conf
> cat /var/log/secure
> Feb 3 21:46:46 darkstar pluto[1110]: loading secrets from "/etc/ipsec.secrets"
> Feb 3 21:46:46 darkstar pluto[1110]: loaded private key file
> '/etc/ipsec.d/private/host.example.com.key' (1663 bytes)
Huh? Why is there no mention of the connections being loaded?
What does ipsec auto --status say?
> Feb 3 21:49:09 darkstar pluto[1110]: packet from 200.171.13.10:500:
> initial Main Mode message received on 200.171.13.9:500 but no
> connection has been authorized
Hey, is your client not NATed anymore?
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
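The three fixes in the reply above (exclude the internal subnet from virtual_private, add rightsubnet=vhost:%no,%priv, and uncomment the no_oe.conf include) are easy to get wrong by hand, so here is a small lint script that checks them. This is an added example, not code from the poster, Jacco, or the Openswan project; the config fragments embedded in it are constructed from the quoted snippets (abridged), and the check only covers the %v4 entries of virtual_private and the `ip range` / `local ip` settings of the l2tpd [lns] section.

```python
import ipaddress
import re

# Constructed sample configs, assembled from the fragments quoted in the thread.
L2TPD_CONF = """\
[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
"""

# The configuration as originally posted: internal subnet not excluded,
# no rightsubnet, and the no_oe.conf include still commented out.
IPSEC_CONF_BEFORE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftcert=host.example.com.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    pfs=no
    auto=add

#include /etc/ipsec.d/examples/no_oe.conf
"""

# The same configuration with the three changes suggested in the reply applied.
IPSEC_CONF_AFTER = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftcert=host.example.com.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

include /etc/ipsec.d/examples/no_oe.conf
"""


def _setting(conf, key):
    """Return the value of the first uncommented `key=value` line, or None."""
    for line in conf.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        m = re.match(rf"{re.escape(key)}\s*=\s*(.+)$", stripped)
        if m:
            return m.group(1).strip()
    return None


def parse_virtual_private(value):
    """Split virtual_private into (included, excluded) IPv4 networks; %v6 entries are ignored."""
    included, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item.startswith("%v4:"):
            continue
        cidr = item[len("%v4:"):]
        if cidr.startswith("!"):
            excluded.append(ipaddress.ip_network(cidr[1:], strict=False))
        else:
            included.append(ipaddress.ip_network(cidr, strict=False))
    return included, excluded


def l2tp_addresses(conf):
    """Networks covering the l2tpd `ip range` pool plus the `local ip` (as a /32)."""
    nets = []
    for line in conf.splitlines():
        stripped = line.strip()
        if stripped.startswith(";"):
            continue
        m = re.match(r"ip range\s*=\s*(\S+)-(\S+)$", stripped)
        if m:
            nets.extend(ipaddress.summarize_address_range(
                ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))))
        m = re.match(r"local ip\s*=\s*(\S+)$", stripped)
        if m:
            nets.append(ipaddress.ip_network(m.group(1)))
    return nets


def leaks_into_virtual_private(net, included, excluded):
    """True if `net` is inside an include and not carved out by a %v4:! exclusion."""
    if not any(net.overlaps(inc) for inc in included):
        return False
    return not any(net.subnet_of(exc) for exc in excluded)


def check_config(ipsec_conf, l2tpd_conf):
    """Run the three checks from the reply and return the findings as a dict."""
    included, excluded = parse_virtual_private(_setting(ipsec_conf, "virtual_private") or "")
    clashing = [str(n) for n in l2tp_addresses(l2tpd_conf)
                if leaks_into_virtual_private(n, included, excluded)]
    oe_disabled = any(re.match(r"include\s+\S*no_oe\.conf", l.strip())
                      for l in ipsec_conf.splitlines() if not l.strip().startswith("#"))
    return {
        "local_subnet_excluded": not clashing,
        "clashing": clashing,
        "oe_disabled": oe_disabled,
        "rightsubnet_ok": _setting(ipsec_conf, "rightsubnet") == "vhost:%no,%priv",
    }


if __name__ == "__main__":
    for label, conf in (("before", IPSEC_CONF_BEFORE), ("after", IPSEC_CONF_AFTER)):
        print(label, check_config(conf, L2TPD_CONF))
```

Run it as-is to see the posted configuration flagged on all three points and the corrected one pass; to lint a real box, read /etc/ipsec.conf and /etc/l2tpd/l2tpd.conf into the two strings instead of the embedded samples.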