[Openswan Users] IPsec SA established but no l2tp

Rui Sampaio rui.csas at gmail.com
Thu Jan 6 23:23:42 CET 2005


Hello!

I've been trying to configure an IPSec/l2tp server using Jacco's instructions.
The setup is to run roadwarrior clients running win XP SP2.

The system:

debian testing
kernel 2.6.8  - 26sec
openswan  2.2.0-4
l2tpd  0.70-pre200311
ppp  2.4.2+20040428

I updated the windows registry to make NAT-T work


The vpn server is beyond a linksys router something like this


road_____________Internet___________Router_____________IPSEC server
warrior                            |        |                |
                        82.102.47.250  192.168.1.1      192.168.1.10

The road warrior can also be connected to a network beyond a router.

The router is forwarding ports 500 1701 4500 and 50 to the server

I had to enable IPSEC passthrough and add "nat_traversal=yes" to make
the ipsec connection

I get an "IPsec SA established" in /var/log/auth.log but nothing happens next...
The l2tp daemon doesn't start logging to /var/log/syslog as it should.

The strange thing is that if the roadwarrior is on the same network as
the server I can establish the connection and I see that the l2tp and
ppp work


/etc/ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        klipsdebug=none
        plutodebug="control parsing"
        nat_traversal=yes

# Add connections here

conn my_vpn
        authby=secret
        pfs=no
        left=192.168.1.10
        leftsubnet=82.102.47.250/32
        leftprotoport=17/0
        leftid=
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        rightid=
        auto=add
        keyingtries=3


/etc/l2tpd/l2tpd.conf

[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 192.168.1.155-192.168.1.170
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = my_vpn
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

Does anyone have suggestions to make this work?

Thanks
Rui Sampaio

