[Openswan Users]

Siegfried Fischler siegfried.fischler2 at bluewin.ch
Fri Jul 15 00:03:22 CEST 2005


I did add leftnexthop with the IP address of the DSL router and, as well, of the
Openswan server, and with this parameter the situation gets worse: nothing, i.e.
no dial-up client or DSL client, will be able to establish even a tunnel.
There are no life signs in the log when using Openswan with my initial
config and the DSL client, but using the dial-up client shows lots of
positive log messages for L2TP and PPP. It appears that when trying to
establish a VPN session as illustrated in scenario #1

<client>--<dsl router>---<internet>---ip_1<dsl router>ip_2---ip_3<openswan
2.3.1 server>ip_4---<this is the LAN the VPN client should get access to>
(scenario #1)

the L2TP daemon will not get notified at all (hence no log messages appear) and
obviously the client times out and closes the tunnel with error 678. But
when doing the same with scenario #2

<ppp client>---<internet>---ip_1<dsl router>ip_2---ip_3<openswan 2.3.1
server>ip_4---<this is the LAN the VPN client should get access to>
(scenario #2)
the dial-up client happily gets access to the treasure, i.e. the internal LAN.

#excerpt of ipsec.conf
conn roadwarrior-l2tp
	left=%defaultroute
	leftcert=pegasuscert.pem
	leftnexthop=ip_N # disables scenario #1 and #2 for ip_N where N in {1,2,3,4}!!!!
	right=%any
	leftprotoport=17/1701
	rightprotoport=17/1701
	rightca=%same
	rightsubnet=vhost:%no,%priv
	compress=no
	pfs=no
	#also=roadwarrior
	auto=add

#l2tpd.conf content
#had initially listen_addr=192.168.1.1 in global section +
#DNAT rule for iptables but removed it until issue is resolved
[global]
auth file = /etc/l2tpd/l2tp-secrets
[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = PegasusVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

In order not to get a nervous breakdown I'll either get myself some serious
medication or, better, the right hint to solve this issue....

Thanks guys!

Sigi
-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl]
Sent: Donnerstag, 14. Juli 2005 20:53
To: Siegfried Fischler
Subject: **SPAM** Re: [Openswan Users]


> conn roadwarrior-l2tp
> 	left=%defaultroute
> 	leftcert=pegasuscert.pem

Could you try this:

         leftnexthop=192.168.0.1

(Or whatever the internal IP address is of your NAT router).

> and now the log showing in the first part the WinXP client session when
> dialing-up into the internet and in the second using a client as well behind
> a dsl device and during the second session, the client shows the error
> message 678

Are there any log messages by the L2TP daemon?

Jacco
--
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
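The thread above turns on whether the ipsec.conf shown is complete enough for a road warrior that sits behind a NAT device (scenario #1). The following is an added example, not code from Openswan, from the Openswan documentation or from either poster: a small parser for the ipsec.conf section format, plus a checker for the settings Openswan 2.x needs for NAT-T road warriors (`nat_traversal=yes` and a `virtual_private=` list in `config setup`, `vhost:%no,%priv` on the right side, `pfs=no` for Windows clients). The `config setup` section, the `virtual_private` ranges and the `FIXED_CONF` variant are assumptions constructed for the example; only the `conn roadwarrior-l2tp` lines come from the mail. The checks are generic hints for this class of setup, not a diagnosis of the poster's leftnexthop problem.

```python
"""Parse an Openswan-style ipsec.conf and flag settings that commonly break
L2TP/IPsec road warriors behind NAT.  Added example for this thread; the
`config setup` section and the fixed variant below are constructed."""

# Constructed sample: the conn from the mail plus an assumed config setup
# section in which NAT traversal was never switched on.
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
    nat_traversal=no

conn roadwarrior-l2tp
    left=%defaultroute
    leftcert=pegasuscert.pem
    right=%any
    leftprotoport=17/1701
    rightprotoport=17/1701
    rightca=%same
    rightsubnet=vhost:%no,%priv
    compress=no
    pfs=no
    auto=add
"""

# Constructed corrected variant: NAT-T on, the RFC1918 ranges that %priv may
# match (excluding the server's own LAN, 192.168.1.0/24 per l2tpd.conf), and
# any client source port accepted for L2TP.
FIXED_CONF = (
    SAMPLE_CONF
    .replace("nat_traversal=no",
             "nat_traversal=yes\n"
             "    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
             "%v4:192.168.0.0/16,%v4:!192.168.1.0/24")
    .replace("rightprotoport=17/1701", "rightprotoport=17/%any")
)


def parse_ipsec_conf(text):
    """Return {'config setup': {...}, 'conn <name>': {...}}.

    Section headers start in column 0 ('config setup' or 'conn name');
    indented key=value lines belong to the open section; '#' starts a
    comment.  Lines outside any section are ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            parts = line.split()
            if len(parts) == 2 and parts[0] in ("config", "conn"):
                current = " ".join(parts)
                sections[current] = {}
            else:
                current = None
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.strip().split("=", 1)
        sections[current][key.strip()] = value.strip()
    return sections


def check_l2tp_nat(sections, conn="conn roadwarrior-l2tp"):
    """Return a list of human-readable findings (empty list = nothing found)."""
    findings = []
    setup = sections.get("config setup", {})
    c = sections.get(conn, {})
    if setup.get("nat_traversal", "no").lower() != "yes":
        findings.append("config setup: nat_traversal=yes is missing, so a client "
                        "behind NAT cannot negotiate NAT-T (UDP/4500)")
    if "virtual_private" not in setup:
        findings.append("config setup: virtual_private is not set, so %priv in "
                        "rightsubnet matches no address and NAT'ed clients are refused")
    if c.get("rightsubnet") != "vhost:%no,%priv":
        findings.append(conn + ": rightsubnet should be vhost:%no,%priv to accept "
                        "both direct and NAT'ed road warriors")
    if c.get("leftprotoport") != "17/1701":
        findings.append(conn + ": leftprotoport=17/1701 is required for L2TP")
    if c.get("rightprotoport") == "17/1701":
        # Assumption noted in the lead-in: some Windows clients behind NAT use
        # a source port other than 1701; 17/%any accepts both.
        findings.append(conn + ": consider rightprotoport=17/%any for clients "
                        "behind NAT that do not use source port 1701")
    if c.get("pfs", "yes").lower() != "no":      # Openswan's default is pfs=yes
        findings.append(conn + ": pfs=no is needed, Windows L2TP/IPsec clients "
                        "do not propose PFS")
    return findings


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label + ":")
        for f in check_l2tp_nat(parse_ipsec_conf(conf)) or ["  no findings"]:
            print("  " + f)
```

Run it against the real `/etc/ipsec.conf` by reading the file into `parse_ipsec_conf`; an empty list from `check_l2tp_nat` only says the NAT-T basics are present, it says nothing about routing (leftnexthop) or the port forwards on the DSL router, which still have to be verified on the wire (e.g. watching UDP/500, UDP/4500 and UDP/1701 arrive at the server).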