[Openswan Users] Road warrior VPN - help

Brian Hoover brianh at vidar.com
Thu Nov 17 18:51:27 CET 2005


Jacco de Leeuw wrote:
> Brian Hoover wrote:
> 
>> I am working with openswan / l2tpd for the first time.  The goal is
>> to set up VPN connectivity for M$ clients.
> 
>> 	FC4 - 2.6.12-1.1447_FC4
>> 	openswan-2.4.0-1
>> 	openswan-klips-2.4.0-2.6.12_1.1447_FC4_1
> 
> I'm not sure what the status is of KLIPS on this FC4 kernel (things
> are in flux at the moment) but if this is just a test setup then
> I'd say that NETKEY is probably easier to get started with.
> 
>> The configuration is from Nate Carlson's examples.
> 
> There are some issues in these examples, but for a quick test they
> should work. 
> 
> Could you post your ipsec.conf and l2tpd.conf? And the l2tpd debug
> log (often to be found in /var/log/messages)? 

I had missed the l2tpd debug. I found:
call_close : Connection 3 closed to a.b.255.2, port 1701 (Timeout)
So I removed the firewall completely. I'll work that out later.

> 
>> pluto[4314]: "roadwarrior-l2tp"[2] a.b.255.2 #1: received Delete SA
> 
> Windows is hanging up. Does it say why?

"Error 678 The remote computer did not respond"

> Could be an error in l2tpd.conf or a PPP password problem.
> 
> Jacco

Thanks for the help, I'm connected but the XP box won't ping the LAN.
Do I need to customize ip-up?
My Linux experience is expanding but still I'm just a novice.

Thanks again,
Brian


ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        # parameter lines belong to the section above them and must be
        # indented; %priv in rightsubnet=vhost:%no,%priv refers to these ranges
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        pfs=no

conn roadwarrior-net
        leftsubnet=192.168.0.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=fw03.vidar.com.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

# L2TP/IPsec for Windows clients: transport-mode SA covering UDP 1701 only
conn roadwarrior-l2tp
        type=transport
        left=%defaultroute
        leftcert=fw03.vidar.com.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        pfs=no
        auto=add

# variant for older Windows clients that propose UDP port 0 for the server side
conn roadwarrior-l2tp-oldwin
        left=%defaultroute
        leftcert=fw03.vidar.com.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

/*/*/*/* END ipsec.conf /*/*/*/*/*/*/*

l2tpd.conf:

[global]
auth file = /etc/l2tpd/l2tp-secrets

[lns default]
ip range = 192.168.0.240-192.168.0.250
local ip = 192.168.0.254
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

/*/*/*/* END l2tpd.conf /*/*/*/*/*/*/*
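Not part of Brian's post, and not Openswan's or l2tpd's own code: an added Python cross-check that reads the two files above the way ipsec.conf(5) lays out its syntax (section headers at column 0, indented parameter lines, conn %default, also=) and l2tpd.conf as an INI file, then answers the routing question behind "the XP box won't ping the LAN": does the PPP address pool sit inside the LAN the gateway serves, and is the L2TP conn the transport-mode, UDP 1701, pfs=no shape the Windows HOWTOs use. The embedded configs are constructed, trimmed copies of the posted ones with virtual_private indented; the rule that a conn's own value beats one pulled in by also=, and all function names, are assumptions of this example.

```python
"""Cross-check of the ipsec.conf / l2tpd.conf pair posted above, following
ipsec.conf(5): section headers at column 0, parameter lines indented,
"conn %default" supplies defaults, "also=" pulls in another conn.
Assumption: a conn's own value wins over one from the conn it also= pulls in."""
import configparser
import ipaddress

# Constructed, trimmed copy of the posted ipsec.conf, virtual_private indented.
IPSEC_CONF = """\
version 2.0
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
conn %default
        authby=rsasig
        pfs=no
conn roadwarrior-net
        leftsubnet=192.168.0.0/24
        also=roadwarrior
conn roadwarrior
        leftcert=fw03.vidar.com.pem
        rightsubnet=vhost:%no,%priv
        pfs=yes
conn roadwarrior-l2tp
        type=transport
        leftprotoport=17/1701
        rightprotoport=17/1701
        pfs=no
"""
# Constructed copy of the posted l2tpd.conf [lns default] addressing.
L2TPD_CONF = """\
[lns default]
ip range = 192.168.0.240-192.168.0.250
local ip = 192.168.0.254
"""


def parse_ipsec_conf(text):
    """Map (section type, name) -> {param: value}; reject unindented params."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if raw[0] not in " \t":                      # column 0: section header
            words = line.split()
            if words[0] == "version":
                continue
            if len(words) != 2 or words[0] not in ("config", "conn"):
                raise ValueError(f"line {lineno}: not a section header: {line!r}")
            current = sections.setdefault((words[0], words[1]), {})
            continue
        key, sep, value = line.strip().partition("=")
        if current is None or not sep:
            raise ValueError(f"line {lineno}: bad parameter line: {line!r}")
        current[key.strip()] = value.strip()
    return sections


def _expand_also(sections, name, seen=()):
    if name in seen:
        raise ValueError(f"also= loop through {name}")
    own = dict(sections[("conn", name)])
    also = own.pop("also", None)
    merged = _expand_also(sections, also, seen + (name,)) if also else {}
    merged.update(own)                               # own values win (assumption)
    return merged


def effective_conn(sections, name):
    """Settings Pluto would see for a conn: %default, then also=, then own."""
    conn = dict(sections.get(("conn", "%default"), {}))
    conn.update(_expand_also(sections, name))
    return conn


def pool_report(lan_subnet, local_ip, ip_range):
    """Is the PPP pool inside the LAN that roadwarrior-net advertises?
    If so, LAN hosts ARP for the clients' addresses and the gateway must
    answer for them (pppd proxyarp) and forward, or replies never arrive."""
    lan = ipaddress.ip_network(lan_subnet, strict=False)
    lo, hi = (ipaddress.ip_address(a.strip()) for a in ip_range.split("-"))
    local = ipaddress.ip_address(local_ip)
    return {"pool_inside_lan": lo in lan and hi in lan,
            "local_ip_in_pool": lo <= local <= hi,
            "pool_size": int(hi) - int(lo) + 1}


def l2tp_conn_ok(conn):
    """Transport mode on UDP 1701 both ends, pfs=no: what the Windows HOWTOs use."""
    return (conn.get("type") == "transport" and conn.get("pfs") == "no"
            and conn.get("leftprotoport") == conn.get("rightprotoport") == "17/1701")


if __name__ == "__main__":
    secs = parse_ipsec_conf(IPSEC_CONF)
    lns = configparser.ConfigParser()
    lns.read_string(L2TPD_CONF)
    lan = effective_conn(secs, "roadwarrior-net")["leftsubnet"]
    print(pool_report(lan, lns["lns default"]["local ip"], lns["lns default"]["ip range"]))
    print("l2tp conn ok:", l2tp_conn_ok(effective_conn(secs, "roadwarrior-l2tp")))
    try:                       # the same file with virtual_private at column 0
        parse_ipsec_conf(IPSEC_CONF.replace("        virtual_private", "virtual_private"))
    except ValueError as err:
        print("rejected:", err)
```

Run as posted, the report says the pool 192.168.0.240-250 lies inside the 192.168.0.0/24 LAN served from 192.168.0.254, so a LAN host answering an XP client's ping ARPs on the wire for a 192.168.0.24x address that only exists on a ppp interface; the gateway has to answer that ARP (pppd's `proxyarp` option, which belongs in the /etc/ppp/options.l2tpd file named by pppoptfile) and have /proc/sys/net/ipv4/ip_forward set to 1, in addition to the firewall being out of the way. The unindented copy of virtual_private is rejected, which is what the ipsec.conf(5) syntax calls for. The script only reads the two files; it does not inspect the live gateway.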

