[Openswan Users] L2TP over IPsec over WLAN for OS-X Panther and others ...
Beat Zahnd
beat.zahnd at phim.unibe.ch
Thu Jul 21 14:23:16 CEST 2005
Jacco de Leeuw wrote:
>> conn wireless_vpn
>>         authby=secret
>>         pfs=no
>>         #
>>         left=192.168.1.13
>>         leftsubnet=0.0.0.0/0
>
> Remove this leftsubnet line. It is the L2TP daemon that provides the
> connectivity to your internal network at 192.168.0.x.
Hey great, IPsec works.
Next, I tried to get L2TP working. Debian sarge has l2tpns and
freeradius on board. I was able to configure both, and l2tpns creates a
tun0 interface and some routes. But so far the clients are not able to
connect.
The tun0 interface IP is 192.168.1.11. Is this ok? I think this
corresponds with the ppp0 192.168.1.99 on your page. What I do not
understand is how l2tpns is connected to the IPsec part.
Here is my setup and some listings (I changed the IPs a bit):
Client air AP air VPN Gateway
192.168.2.2 ~~~~~~~~~ 192.168.1.254 ~~~~~~ Debian sarge
OS X \
~ eth1 192.168.2.1
- eth0 192.168.1.10
/
internet ----------- other wired stuff -
Regards, Beat
--------------------------------------------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        interfaces="ipsec0=eth1"
        uniqueids=no

# Add connections here
conn wireless_vpn
        authby=secret
        pfs=no
        keyingtries=3
        #
        left=192.168.2.1
        leftprotoport=udp/l2tp
        #
        right=%any
        rightprotoport=udp/%any
        #
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
--------------------------------------------------
# /etc/l2tpns/startup-config
set debug 2
set log_file "/var/log/l2tpns"
set pid_file "/var/run/l2tpns.pid"
set primary_dns 192.168.1.1
set save_state yes
set primary_radius 192.168.1.10
set primary_radius_port 1812
set radius_accounting yes
set radius_secret "mysecret"
set bind_address 192.168.1.11
set throttle_speed 1024
set accounting_dir "/var/run/l2tpns/acct"
set setuid 0
set dump_speed no
load plugin "garden"
load plugin "throttlectl"
load plugin "autothrottle"
load plugin "snoopctl"
load plugin "autosnoop"
--------------------------------------------------
# /etc/l2tpns/ip_pool
192.168.1.128/25
--------------------------------------------------
# output of ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:E4:40:CB:31
          inet addr:192.168.1.10  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::250:e4ff:fe40:cb31/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:2711488 (2.5 MiB)
          Interrupt:42 Base address:0x7000

eth1      Link encap:Ethernet  HWaddr 00:09:5B:E5:19:29
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::209:5bff:fee5:1929/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4878 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3279 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6180674 (5.8 MiB)  TX bytes:323310 (315.7 KiB)
          Interrupt:22

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:237 errors:0 dropped:0 overruns:0 frame:0
          TX packets:237 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:46172 (45.0 KiB)  TX bytes:46172 (45.0 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.11  P-t-P:192.168.1.11  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
--------------------------------------------------
# output of netstat --inet -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:879           0.0.0.0:*               LISTEN      1873/pmud
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      1661/inetd
tcp        0      0 127.0.0.1:690           0.0.0.0:*               LISTEN      1786/famd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      4691/l2tpns
udp        0      0 192.168.1.10:1812       0.0.0.0:*                           3982/freeradius
udp        0      0 192.168.1.10:1813       0.0.0.0:*                           3982/freeradius
udp        0      0 192.168.1.10:1814       0.0.0.0:*                           3982/freeradius
udp        0      0 0.0.0.0:32792           0.0.0.0:*                           4691/l2tpns
udp        0      0 192.168.1.11:1701       0.0.0.0:*                           4691/l2tpns
udp        0      0 0.0.0.0:1702            0.0.0.0:*                           4691/l2tpns
udp        0      0 127.0.0.1:500           0.0.0.0:*                           4565/pluto
udp        0      0 192.168.1.10:500        0.0.0.0:*                           4565/pluto
udp        0      0 192.168.2.1:500         0.0.0.0:*                           4565/pluto
--------------------------------------------------
# output of route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.2     192.168.2.2     255.255.255.255 UGH   0      0        0 eth1
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
--------------------------------------------------
# /var/log/l2tpns
2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/garden.so
2005-07-20 23:23:52 00/00 Loaded plugin garden
2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/throttlectl.so
2005-07-20 23:23:52 00/00 Loaded plugin throttlectl
2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/autothrottle.so
2005-07-20 23:23:52 00/00 Loaded plugin autothrottle
2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/snoopctl.so
2005-07-20 23:23:52 00/00 Loaded plugin snoopctl
2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/autosnoop.so
2005-07-20 23:23:52 00/00 Loaded plugin autosnoop
2005-07-20 23:23:52 00/00 L2TPNS version 2.0.14
2005-07-20 23:23:52 00/00 Copyright (c) 2003, 2004 Optus Internet Engineering
2005-07-20 23:23:52 00/00 Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
2005-07-20 23:23:52 00/00 Set up on interface tun0
2005-07-20 23:23:52 00/00 Adding IP address range 192.168.1.128/25
2005-07-20 23:23:52 00/00 Route add 192.168.1.128/255.255.255.128
2005-07-20 23:23:52 00/00 IP address pool is 127 addresses
2005-07-20 23:24:06 00/00 Master timed out! Holding election...
2005-07-20 23:24:06 00/00 I am declaring myself the master!
2005-07-20 23:24:07 00/00 Warning: Fixed 49998 uninitialized sessions in becoming master!
--
Beat ZAHND
Physics Institute
University of Bern phone +41 31 631 3466
Sidlerstrasse 5 fax +41 31 631 4405
CH-3012 Bern (Switzerland) mailto:beat.zahnd at phim.unibe.ch
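Added example, not part of the post or of Openswan/l2tpns: a small Python consistency check that parses the conn's left/leftprotoport from ipsec.conf and the UDP sockets from netstat --inet -anp, then reports whether an L2TP listener is actually bound on the address the IPsec policy protects. The samples are constructed from the listings above (trimmed), and SERVICE_PORTS is an assumed subset of /etc/services.

```python
"""Added check: does each Openswan conn with leftprotoport=udp/l2tp have a UDP
socket bound on its 'left' address (or on 0.0.0.0) at the L2TP port?"""
import re
SERVICE_PORTS = {"l2tp": 1701, "isakmp": 500}  # assumed subset of /etc/services
# Constructed samples, trimmed from the ipsec.conf and netstat listings in the post.
IPSEC_CONF = """\
config setup
conn wireless_vpn
    left=192.168.2.1
    leftprotoport=udp/l2tp
"""
NETSTAT = """\
udp        0      0 192.168.1.11:1701       0.0.0.0:*                           4691/l2tpns
udp        0      0 192.168.2.1:500         0.0.0.0:*                           4565/pluto
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; config/include/version lines end a section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif line.split()[0] in ("config", "include", "version"):
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns

def parse_udp_listeners(text):
    """Return {(addr, port): program} for the UDP lines of netstat --inet -anp."""
    hits = re.findall(r"^udp\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(\S+)", text, re.M)
    return {(addr, int(port)): prog for addr, port, prog in hits}

def check_l2tp_listeners(conns, listeners):
    """Return [(conn, left, port, status)] for every conn with a udp leftprotoport."""
    findings = []
    for name, opts in conns.items():
        proto, _, svc = opts.get("leftprotoport", "").partition("/")
        if proto != "udp" or not (svc in SERVICE_PORTS or svc.isdigit()):
            continue  # only named or numeric UDP ports can be checked
        port = SERVICE_PORTS.get(svc) or int(svc)
        left = opts.get("left", "")
        prog = listeners.get((left, port)) or listeners.get(("0.0.0.0", port))
        findings.append((name, left, port, f"ok: {prog}" if prog else "no listener"))
    return findings
```

With the sample data the check reports "no listener" for wireless_vpn, because the only udp/1701 socket is bound to the tun0 address rather than to left or to 0.0.0.0.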