[Openswan Users] L2TP/IPsec with PSK on Debian
Wojciech Sobczak
wojciech.sobczak at cadc.pl
Mon Nov 28 00:55:31 CET 2005
> On Sun, Nov 27, 2005 at 08:50:01PM +0100, Wojciech Sobczak wrote:
>
>> I'm trying to establish a connection between Openswan and Windows XP.
>> I'm using PSK, and configured everything based on the great articles from the http://www.jacco2.dds.nl/networking/freeswan-l2tp.htm site
>> (using kernel 2.4.32 with the NAT-T patch on a Debian system), but for now I have a roadwarrior WinXP client and an Openswan server, not NAT'ed (Windows with SP2 and NAT-T patches).
>> The problem is that I cannot connect (IPsec part).
>
> The IPsec part seems to be working, it is the L2TP part that
> times out. Did you look at the L2TP logs? What L2TP server are
> you using? Can you post your configuration file?

Of course, here it is.
I'm using l2tpd from the Debian package, version 0.69.

Logs:

Nov 28 01:45:45 localhost l2tpd[5222]: This binary does not support kernel L2TP.
Nov 28 01:45:45 localhost l2tpd[5223]: l2tpd version 0.69 started on vpngw PID:5223
Nov 28 01:45:45 localhost l2tpd[5223]: Linux version 2.4.32 on a i686, listening on IP address 0.0.0.0, port 1701

And that's all; that's why I was thinking the IPsec part is broken.

/etc/l2tpd/l2tpd.conf:

[global]
port = 1701

[lns default]
ip range = 10.218.134.180-10.218.134.190
local ip = 10.218.134.179
require chap = yes
refuse pap = yes
require authentication = yes
hostname = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

/etc/ppp/options.l2tpd:

ipcp-accept-local
ipcp-accept-remote
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
nodetach
debug
lock
proxyarp
connect-delay 5000

/etc/ppp/chap-secrets:

testuser * "testpass" 10.218.134.188/24
* testuser "testpass" 10.218.134.188/24

ifconfig -a:

eth0      Link encap:Ethernet HWaddr 00:50:BA:53:73:6B
          inet addr:217.96.x.xx Bcast:217.96.x.xx Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:13965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8758 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1403021 (1.3 MiB) TX bytes:3880924 (3.7 MiB)
          Interrupt:11 Base address:0xe400

eth1      Link encap:Ethernet HWaddr 00:80:1E:15:11:44
          inet addr:10.218.134.184 Bcast:10.255.255.255 Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:513725 (501.6 KiB) TX bytes:0 (0.0 b)
          Interrupt:10

gre0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          NOARP MTU:1476 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec0    Link encap:Ethernet HWaddr 00:50:BA:53:73:6B
          inet addr:217.96.2.245 Mask:255.255.255.248
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75 errors:0 dropped:40 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:22047 (21.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tunl0     Link encap:IPIP Tunnel HWaddr
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

>> When I connect the roadwarrior to the 217.96.x.x network, everything works fine....
>
> What do you mean with this? What is the difference?

It looks like this:

winxp (external address, ADSL connection) <----> internet <-----> router <----> openswan <----> internal network

And this is not working, but when I connect the WinXP client between the router and Openswan, everything is OK: IPsec part, L2TP part, etc.

Best regards
Sobczak Wojciech