[Openswan Users] Basic help with configuration of L2TP/IPSEC [SOLVED]

Gbenga stjames08 at yahoo.co.uk
Mon Jul 3 16:13:04 CEST 2006


Hi All,

Thank you to Paul. I have been able to figure this out. I ran l2tpd with the -D option, and there on the screen was an error that l2tpd cannot read my /etc/ppp/options.ltpd file. Obviously, there was a typo; it should be "options.l2tpd". Fixed that and everything works like it should.

Thanks again.
Gbenga

----- Original Message ----
From: Gbenga <stjames08 at yahoo.co.uk>
To: users at openswan.org
Sent: Friday, 30 June, 2006 9:41:06 PM
Subject: Re: [Openswan Users] Basic help with configuration of L2TP/IPSEC

Hi Paul/list,

Thanks, I got l2tpd working, but I have a new problem. I cannot seem to be able to complete the authentication; the Windows client keeps dying at verifying username and password. I did google and some site mentioned that I have to open GRE port/protocol on the firewall.

I got the following in the daemon.log file:

Jun 30 21:30:07 aparo l2tpd[3639]: control_finish: Peer requested tunnel 28 twice, ignoring second one.
Jun 30 21:30:07 aparo l2tpd[3639]: Connection established to 193.95.xxx.xxx, 1701. Local: 39075, Remote: 28. LNS session is 'default'
Jun 30 21:30:07 aparo l2tpd[3639]: Call established with 193.95.xxx.xxx, Local: 47035, Remote: 1, Serial: 0
Jun 30 21:30:07 aparo l2tpd[3639]: control finish: connection closed to 193.95.xxx.xxx, serial 0 ()
Jun 30 21:30:07 aparo l2tpd[3639]: control finish: Peer tried to disconnect with invalid TID (28 != 39075)
Jun 30 21:30:07 aparo l2tpd[3639]: Maximum retries exceeded for tunnel 39075. Closing.
Jun 30 21:30:07 aparo l2tpd[3639]: Connection 28 closed to 193.95.xxx.xxx, port 1701 (Timeout)
Jun 30 21:30:07 aparo l2tpd[3639]: Unable to deliver closing message for tunnel 39075. Destroying anyway.

Any clues?

Thanks again,
Gbenga



----- Original Message ----
From: Paul Wouters <paul at xelerance.com>
To: Gbenga <stjames08 at yahoo.co.uk>
Cc: users at openswan.org
Sent: Thursday, 29 June, 2006 11:17:34 PM
Subject: Re: [Openswan Users] Basic help with configuration of L2TP/IPSEC

On Thu, 29 Jun 2006, Gbenga wrote:

> Thanks very much Paul, but I already have this in my /etc/l2tpd/l2tpd.conf & /etc/l2tp/l2tpd.conf:
>
> [global]
> listen-addr = 10.10.3.129
>
> [lns default]
> ip range = 10.10.3.128 - 10.10.3.250
> local ip = =10.10.3.130

The listen-addr should be your public IP address, not an address within the range that you
are assigning for l2tp tunnels. (Unless you are using complex port forwarding). You should
also not put local ip within the range of ip range.

Paul
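
The two checks from the reply above, as an added example that is not part of the original thread and not Openswan or l2tpd code: a small Python checker that flags a listen-addr or local ip falling inside ip range, and reports values it cannot parse. The function names are hypothetical; the sample is the configuration as quoted in the thread.

```python
import ipaddress

# Constructed sample: the configuration quoted in the thread, as posted.
SAMPLE_CONF = """\
[global]
listen-addr = 10.10.3.129

[lns default]
ip range = 10.10.3.128 - 10.10.3.250
local ip = =10.10.3.130
"""

def parse_conf(text):
    """Parse l2tpd.conf-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def parse_ranges(value):
    """Turn 'a - b, c' into a list of (low, high) IPv4 address pairs."""
    parts = [[ipaddress.IPv4Address(p.strip()) for p in r.split("-")] for r in value.split(",")]
    return [(ends[0], ends[-1]) for ends in parts]

def check_conf(text):
    """Return findings for the two mistakes named in the reply."""
    conf, findings = parse_conf(text), []
    listen = conf.get("global", {}).get("listen-addr")
    for name, sect in conf.items():
        if not name.startswith("lns") or "ip range" not in sect:
            continue
        for key, value in (("listen-addr", listen), ("local ip", sect.get("local ip"))):
            if value is None:
                continue
            try:
                ranges = parse_ranges(sect["ip range"])
                addr = ipaddress.IPv4Address(value)
            except ValueError:
                findings.append(f"[{name}] {key}: cannot parse {value!r} or ip range")
                continue
            if any(lo <= addr <= hi for lo, hi in ranges):
                findings.append(f"[{name}] {key} {addr} is inside ip range")
    return findings
```

Run against SAMPLE_CONF, check_conf reports the listen-addr overlap and the unparsable local ip value.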


