[Openswan Users] ipsec / l2tpd + iptables ?
Reza ISSANY
issanyr at laposte.net
Mon Nov 27 18:26:45 EST 2006
When I initiate a connection, a ppp0 appears.
The connection works: I can ping the remote l2tpd gateway and the remote DNS server,
but I cannot access the internet.
I'll try to do a tcpdump tomorrow. Do I have to add any routes to enable internet
access for remote clients?
Thanks for your help.
azer.
Paul Wouters wrote:
> On Mon, 27 Nov 2006, Reza ISSANY wrote:
>
>
>> No, this is my config :
>>
>
>
>> # basic configuration
>> config setup
>>     interfaces="ipsec0=eth0"
>>     nat_traversal=yes
>>     virtual_private=%v4:!172.16.7.0/16,%v4:192.168.7.0/24
>>     klipsdebug=none
>>     plutodebug=all
>>
>
> Disable that plutodebug line.
>
>
>> conn %default
>>     left=88.191.35.181
>>
>> # Add connections here
>> conn xp
>>     keyingtries=1
>>     compress=no
>>     disablearrivalcheck=no
>>     authby=rsasig
>>     leftrsasigkey=%cert
>>     rightrsasigkey=%cert
>>     leftcert=integration.pem
>>     leftprotoport=17/1701
>>     leftnexthop=88.191.35.1
>>     right=%any
>>     rightca=%same
>>     rightprotoport=17/1701
>>     rightsubnet=vhost:%no,%priv
>>     pfs=no
>>     auto=add
>>
>> #Disable Opportunistic Encryption
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>
> Ok, so you are trying to use l2tp. Check the logs. Do you get an IPsec SA established?
> If not, the IPsec part is not working.
>
> If you do, the next step is to check the server for ppp interfaces. If you don't get one,
> the L2TP part is not working.
>
> If you do get a ppp interface, then check Windows to see if you got an interface there.
> If you did, try and ping the gateway. If that works, ping something else and tcpdump
> the packets on the gateway to see if you have a routing/firewall issue.
>
> Paul
>
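
The checklist in the reply above can be run as a script against output saved on the gateway. This is an added example, not part of the thread: the file arguments and sample captures are constructed, and the forwarding and NAT steps assume the L2TP clients receive private addresses and reach the internet through the gateway.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments are files of saved output:
#   $1 pluto log  $2 `ip -o link`  $3 /proc/sys/net/ipv4/ip_forward
#   $4 `iptables-save`
# Prints the first layer that fails, in the order of the reply above.
diagnose() {
    # 1. IPsec: pluto logs this string once the Quick Mode SA is up.
    grep -q 'IPsec SA established' "$1" || { echo ipsec; return; }
    # 2. L2TP/PPP: a pppN interface must exist on the server.
    grep -Eq '^[0-9]+: ppp[0-9]+:' "$2" || { echo l2tp; return; }
    # 3. Routing: the gateway must forward between ppp and its uplink.
    [ "$(cat "$3")" = 1 ] || { echo forwarding; return; }
    # 4. Firewall: a DROP policy on FORWARD needs an accept rule for ppp.
    if grep -q '^:FORWARD DROP' "$4" &&
       ! grep -Eq '^-A FORWARD .*-i ppp.* -j ACCEPT' "$4"; then
        echo firewall; return
    fi
    # 5. Assumption: clients get private addresses, so source NAT is needed.
    grep -Eq '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' "$4" || { echo nat; return; }
    echo ok
}

# Constructed sample captures (hypothetical host "gw", documentation IP).
make_samples() {
    d=$(mktemp -d)
    echo 'Nov 27 18:20:01 gw pluto[1234]: "xp"[1] 192.0.2.10 #2: STATE_QUICK_R2: IPsec SA established' > "$d/log"
    echo '5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1410 qdisc pfifo_fast' > "$d/link"
    echo 0 > "$d/fwd"
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT' > "$d/fw"
    echo "$d"
}

s=$(make_samples)
diagnose "$s/log" "$s/link" "$s/fwd" "$s/fw"
rm -rf "$s"
```

On a live gateway the four files would be filled from the pluto log, `ip -o link`, `/proc/sys/net/ipv4/ip_forward` and `iptables-save`.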