[Openswan Users] IPsec SA established but no l2tp
Rui Sampaio
rui.csas at gmail.com
Thu Jan 6 23:23:42 CET 2005
Hello!
I've been trying to configure an IPSec/l2tp server using Jacco's instructions.
The setup is to run roadwarrior clients running Windows XP SP2.
The system:
debian testing
kernel 2.6.8 - 26sec
openswan 2.2.0-4
l2tpd 0.70-pre200311
ppp 2.4.2+20040428
I updated the Windows registry to make NAT-T work.
The VPN server is beyond a Linksys router, something like this:
road_____________Internet___________Router_____________IPSEC server
warrior                            |    |
                                   |    |
                        82.102.47.250   |
                                  192.168.1.1          192.168.1.10
The road warrior can also be connected to a network beyond a router.
The router is forwarding ports 500, 1701, 4500 and 50 to the server.
I had to enable IPSEC passthrough and add "nat_traversal=yes" to make
the ipsec connection.
I get an "IPsec SA established" on /var/log/auth.log but nothing happens next...
The l2tp daemon doesn't start logging on /var/log/syslog as it should.
The strange thing is that if the roadwarrior is on the same network as
the server I can establish the connection and I see that the l2tp and
ppp work.
/etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        klipsdebug=none
        plutodebug="control parsing"
        nat_traversal=yes

# Add connections here
conn my_vpn
        authby=secret
        pfs=no
        left=192.168.1.10
        leftsubnet=82.102.47.250/32
        leftprotoport=17/0
        leftid=
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        rightid=
        auto=add
        keyingtries=3
/etc/l2tpd/l2tpd.conf
[global]
; listen-addr = 192.168.1.98
[lns default]
ip range = 192.168.1.155-192.168.1.170
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = my_vpn
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
Does anyone have suggestions to make this work?
Thanks
Rui Sampaio