[Openswan Users] Re: Users Digest, Vol 20, Issue 48
Riccardo Tartari
rikka at tiscali.it
Fri Jul 22 11:50:56 CEST 2005
>
>Jacco de Leeuw wrote:
>
>
>
>>>conn wireless_vpn
>>> authby=secret
>>> pfs=no
>>> #
>>> left=192.168.1.13
>>> leftsubnet=0.0.0.0/0
>>>
>>>
>>Remove this leftsubnet line. It is the L2TP daemon that provides the
>>connectivity to your internal network at 192.168.0.x.
>>
>>
>
>Hey great, IPsec works.
>
>As next, I tried to get l2tp working. Debian sarge has l2tpns and
>freeradius on board. I was able to configure both and l2tpns creates a
>tun0 interface and some routes. But so far the clients are not able to
>connect.
>
>The tun0 interface ip is 192.168.1.11. Is this ok? I think this
>corresponds with the ppp0 192.168.1.99 on your page. What I do not
>understand is how l2tpsn is connectet to the IPsec part.
>
>
>Here my setup and some listings (I changed the IPs a bit):
>
>Client air AP air VPN Gateway
>192.168.2.2 ~~~~~~~~~ 192.168.1.254 ~~~~~~ Debian sarge
>OS X \
> ~ eth1 192.168.2.1
> - eth0 192.168.1.10
> /
> internet ----------- other wired stuff -
>
>
>
>Regards, Beat
>
>
>--------------------------------------------------
># /etc/ipsec.conf - Openswan IPsec configuration file
># RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
>
># This file: /usr/share/doc/openswan/ipsec.conf-sample
>#
># Manual: ipsec.conf.5
>
>
>version 2.0 # conforms to second version of ipsec.conf specification
>
># basic configuration
>config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"
> interfaces="ipsec0=eth1"
> uniqueids=no
>
># Add connections here
>
>conn wireless_vpn
> authby=secret
> pfs=no
> keyingtries=3
> #
> left=192.168.2.1
> leftprotoport=udp/l2tp
> #
> right=%any
> rightprotoport=udp/%any
> #
> auto=add
>
>#Disable Opportunistic Encryption
>include /etc/ipsec.d/examples/no_oe.conf
>
>--------------------------------------------------
># /etc/l2tpns/startup-config
>set debug 2
>set log_file "/var/log/l2tpns"
>set pid_file "/var/run/l2tpns.pid"
>set primary_dns 192.168.1.1
>set save_state yes
>set primary_radius 192.168.1.10
>set primary_radius_port 1812
>set radius_accounting yes
>set radius_secret "mysecret"
>set bind_address 192.168.1.11
>set throttle_speed 1024
>set accounting_dir "/var/run/l2tpns/acct"
>set setuid 0
>set dump_speed no
>load plugin "garden"
>load plugin "throttlectl"
>load plugin "autothrottle"
>load plugin "snoopctl"
>load plugin "autosnoop"
>
>--------------------------------------------------
># /etc/l2tpns/ip_pool
>192.168.1.128/25
>
>--------------------------------------------------
># output of ifconfig
>eth0 Link encap:Ethernet HWaddr 00:50:E4:40:CB:31
> inet addr:192.168.1.10 Bcast:192.168.2.255 Mask:255.255.255.0
> inet6 addr: fe80::250:e4ff:fe40:cb31/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:14883 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:2711488 (2.5 MiB)
> Interrupt:42 Base address:0x7000
>
>eth1 Link encap:Ethernet HWaddr 00:09:5B:E5:19:29
> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
> inet6 addr: fe80::209:5bff:fee5:1929/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4878 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3279 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:6180674 (5.8 MiB) TX bytes:323310 (315.7 KiB)
> Interrupt:22
>
>lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:237 errors:0 dropped:0 overruns:0 frame:0
> TX packets:237 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:46172 (45.0 KiB) TX bytes:46172 (45.0 KiB)
>
>tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:192.168.1.11 P-t-P:192.168.1.11 Mask:255.255.255.255
> UP POINTOPOINT RUNNING MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
>--------------------------------------------------
># output of netstat --inet -anp
>Active Internet connections (servers and established)
>Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
>tcp 0 0 127.0.0.1:879 0.0.0.0:* LISTEN 1873/pmud
>tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 1661/inetd
>tcp 0 0 127.0.0.1:690 0.0.0.0:* LISTEN 1786/famd
>tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 4691/l2tpns
>udp 0 0 192.168.1.10:1812 0.0.0.0:* 3982/freeradius
>udp 0 0 192.168.1.10:1813 0.0.0.0:* 3982/freeradius
>udp 0 0 192.168.1.10:1814 0.0.0.0:* 3982/freeradius
>udp 0 0 0.0.0.0:32792 0.0.0.0:* 4691/l2tpns
>udp 0 0 192.168.1.11:1701 0.0.0.0:* 4691/l2tpns
>udp 0 0 0.0.0.0:1702 0.0.0.0:* 4691/l2tpns
>udp 0 0 127.0.0.1:500 0.0.0.0:* 4565/pluto
>udp 0 0 192.168.1.10:500 0.0.0.0:* 4565/pluto
>udp 0 0 192.168.2.1:500 0.0.0.0:* 4565/pluto
>
>--------------------------------------------------
># output of route -n
>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>192.168.2.2 192.168.2.2 255.255.255.255 UGH 0 0 0 eth1
>192.168.1.128 0.0.0.0 255.255.255.128 U 0 0 0 tun0
>192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
>192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
>
>--------------------------------------------------
># /var/log/l2tpns
>2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/garden.so
>2005-07-20 23:23:52 00/00 Loaded plugin garden
>2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/throttlectl.so
>2005-07-20 23:23:52 00/00 Loaded plugin throttlectl
>2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/autothrottle.so
>2005-07-20 23:23:52 00/00 Loaded plugin autothrottle
>2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/snoopctl.so
>2005-07-20 23:23:52 00/00 Loaded plugin snoopctl
>2005-07-20 23:23:52 00/00 Loading plugin from /usr/lib/l2tpns/autosnoop.so
>2005-07-20 23:23:52 00/00 Loaded plugin autosnoop
>2005-07-20 23:23:52 00/00 L2TPNS version 2.0.14
>2005-07-20 23:23:52 00/00 Copyright (c) 2003, 2004 Optus Internet Engineering
>2005-07-20 23:23:52 00/00 Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
>2005-07-20 23:23:52 00/00 Set up on interface tun0
>2005-07-20 23:23:52 00/00 Adding IP address range 192.168.1.128/25
>2005-07-20 23:23:52 00/00 Route add 192.168.1.128/255.255.255.128
>2005-07-20 23:23:52 00/00 IP address pool is 127 addresses
>2005-07-20 23:24:06 00/00 Master timed out! Holding election...
>2005-07-20 23:24:06 00/00 I am declaring myself the master!
>2005-07-20 23:24:07 00/00 Warning: Fixed 49998 uninitialized sessions in becoming master!
>
>
>
>
Maybe your tunnel needs two different IP addresses?
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.11 P-t-P:192.168.1.11 Mask:255.255.255.255
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
it has the same on both ends (192.168.1.1).
Richard
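Added example, not code from this thread: a small checker that parses legacy ifconfig output and applies the test Richard raises (a point-to-point interface whose local and peer address coincide) and, going a step further, warns when the l2tpns ip_pool overlaps a LAN interface's subnet, which the quoted route table also shows (192.168.1.128/25 on tun0 inside 192.168.1.0/24 on eth0). The sample listing is constructed from the addresses quoted above.

```python
import ipaddress
import re

# Constructed excerpt modelled on the ifconfig listing quoted in the thread.
IFCONFIG_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:50:E4:40:CB:31
          inet addr:192.168.1.10  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:09:5B:E5:19:29
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.11  P-t-P:192.168.1.11  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
"""

def parse_ifconfig(text):
    """Return {ifname: {"addr", "mask", "ptp"}} from old-style ifconfig output."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+Link encap", line)
        if m:                       # interface header line starts in column 0
            cur = m.group(1)
            ifaces[cur] = {"addr": None, "mask": None, "ptp": None}
            continue
        if cur is None or "inet addr:" not in line:
            continue                # only the IPv4 line carries addr/mask/peer
        for key, label in (("addr", "inet addr"), ("mask", "Mask"), ("ptp", "P-t-P")):
            mm = re.search(label + r":(\S+)", line)
            if mm:
                ifaces[cur][key] = mm.group(1)
    return ifaces

def check_ptp_endpoints(ifaces):
    """Point-to-point interfaces whose local and peer address are identical."""
    return [n for n, i in ifaces.items() if i["ptp"] and i["ptp"] == i["addr"]]

def check_pool_overlap(ifaces, pool_cidr):
    """LAN (non-ptp) interfaces whose subnet overlaps the l2tpns address pool."""
    pool = ipaddress.ip_network(pool_cidr)
    hits = []
    for n, i in ifaces.items():
        if not i["addr"] or i["ptp"]:
            continue
        net = ipaddress.ip_network(f"{i['addr']}/{i['mask']}", strict=False)
        if net.overlaps(pool):
            hits.append(n)
    return hits
```

Run `check_pool_overlap(parse_ifconfig(IFCONFIG_SAMPLE), "192.168.1.128/25")` to reproduce the overlap seen in the quoted setup; feed it real `ifconfig` output and the contents of /etc/l2tpns/ip_pool on another host.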