[Openswan Users] could not understand problem guess i am going to loose my job
Jacco de Leeuw
jacco2 at dds.nl
Thu Feb 24 12:12:30 CET 2005
rohit sahi wrote:
> I want to set up the road warrior setup with L2TP and PSK. An IP
> address will be given to the client.
OK, so you want to use L2TP over IPsec. And a virtual IP address from the
10.140.0.0/16 network should be assigned to the client through L2TP.
> The problem is the PSK is compared and chosen properly, but before
> the new tunnel is made the rekey event is fired.
I don't understand what you mean by this. Does it work briefly, or not
at all? What events does the client see?
> For your reference I am hereby attaching my /var/log/secure and barf output.
There is a lot of debugging output there (better post it to some website or
at least compress the files). There are some strange things
(EVENT_CRYPTO_FAILED, ASSERTION FAILED) which I leave to others but here
are some other comments:
> config setup
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
Your internal subnet should be excluded, i.e.:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.140.0.0/16
> conn roadwarrior-l2tp-updatewin
> leftprotoport=17/0
This should be leftprotoport=17/1701 for XP clients with SP2 or
Q818043 installed.
> rightprotoport=17/1701
> also=roadwarrior
> conn roadwarrior
> pfs=no
> left=203.200.79.57
> leftnexthop=203.200.79.33
> right=%any
> rightsubnet=vhost:%no,%priv
> auto=add
> conn %default
> authby=secret
>
> /etc/ipsec.secrets:
> 203.200.79.57 %any : PSK "[sums to f644...]"
You are trying to use a Preshared Key for Road Warriors. This might or might
not work but I would suggest you start with a fixed IP address for the client.
I.e. replace %any with 61.95.143.60 (or whatever IP address your XP client
has).
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
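
The two configuration points raised in the reply above (the internal L2TP subnet missing from the `virtual_private` exclusions, and `leftprotoport=17/0`) can be checked mechanically. The following is an added example, not part of the original message or of Openswan; the function names and the re-indented sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample reproducing the two settings discussed in the reply.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn roadwarrior-l2tp-updatewin
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior
"""

def parse_sections(text):
    """Map 'config setup' / 'conn NAME' headers to their key=value settings."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # unindented line starts a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def internal_subnet_excluded(virtual_private, internal):
    """True if `internal` is inside a '!' entry or outside every allowed range."""
    internal = ipaddress.ip_network(internal)
    # IPv4 entries only in this sketch; strip the "%v4:" prefix.
    nets = [i.strip()[4:] for i in virtual_private.split(",")
            if i.strip().startswith("%v4:")]
    excluded = [ipaddress.ip_network(n[1:]) for n in nets if n.startswith("!")]
    allowed = [ipaddress.ip_network(n) for n in nets if not n.startswith("!")]
    if any(internal.subnet_of(e) for e in excluded):
        return True
    return not any(internal.overlaps(a) for a in allowed)

def lint(text, internal):
    """Return findings for the two points raised in the reply."""
    findings, sections = [], parse_sections(text)
    vp = sections.get("config setup", {}).get("virtual_private", "")
    if vp and not internal_subnet_excluded(vp, internal):
        findings.append(f"virtual_private does not exclude {internal}")
    for name, settings in sections.items():
        if name.startswith("conn ") and settings.get("leftprotoport") == "17/0":
            findings.append(f"{name}: leftprotoport=17/0, reply suggests 17/1701")
    return findings
```

Calling `lint(SAMPLE, "10.140.0.0/16")` reports both findings; applying the two changes suggested in the reply makes it return an empty list.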