[Openswan Users] ipsec / l2tpd + iptables ?
Paul Wouters
paul at xelerance.com
Tue Nov 28 00:14:47 EST 2006
On Tue, 28 Nov 2006, Reza ISSANY wrote:
> When I initiate a connection, I have a ppp0 that appears.
> The connection works: I can ping the remote l2tpd gateway, remote DNS server,
> but I cannot access the internet.
>
> I'll try tomorrow to do a tcpdump. Do I have to add any routes to activate
> internet to remote clients?
run ipsec verify on the server. Check forwarding, check for bogus redirects, check
for firewall rules, check for NAT, and check if the gateway can reach the internet
on its "l2tp pool" IP address using 'ping -I sourceip www.google.com'
Paul
> thanks for your help.
>
> azer.
>
> Paul Wouters wrote:
> > On Mon, 27 Nov 2006, Reza ISSANY wrote:
> >
> >
> > > No, this is my config :
> > >
> >
> >
> > > # basic configuration
> > > config setup
> > >     interfaces="ipsec0=eth0"
> > >     nat_traversal=yes
> > >     virtual_private=%v4:!172.16.7.0/16,%v4:192.168.7.0/24
> > >     klipsdebug=none
> > >     plutodebug=all
> > >
> >
> > disable that plutodebug line.
> >
> >
> > > conn %default
> > >     left=88.191.35.181
> > >
> > > # Add connections here
> > > conn xp
> > >     keyingtries=1
> > >     compress=no
> > >     disablearrivalcheck=no
> > >     authby=rsasig
> > >     leftrsasigkey=%cert
> > >     rightrsasigkey=%cert
> > >     leftcert=integration.pem
> > >     leftprotoport=17/1701
> > >     leftnexthop=88.191.35.1
> > >     right=%any
> > >     rightca=%same
> > >     rightprotoport=17/1701
> > >     rightsubnet=vhost:%no,%priv
> > >     pfs=no
> > >     auto=add
> > >
> > > #Disable Opportunistic Encryption
> > > include /etc/ipsec.d/examples/no_oe.conf
> > >
> >
> > Ok, so you are trying to use l2tp. Check the logs. Do you get an IPsec SA
> > established? If not, the IPsec part is not working.
> >
> > If you do, the next step is to check the server for ppp interfaces. If you
> > don't get one, the L2TP part is not working.
> >
> > If you do get a ppp interface, then check Windows to see if you got an
> > interface there. If you did, try and ping the gateway. If that works, ping
> > something else and tcpdump the packets on the gateway to see if you have a
> > routing/firewall issue.
> >
> > Paul
> >
>
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
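
The gateway-side checks listed in the reply above (forwarding, redirects, NAT), as an added example that is not part of the original message or of Openswan. The function names, the `ROOT` override and the pool `192.0.2.0/24` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for "client reaches the gateway but not the internet".
# ROOT (assumption) lets the sysctl checks run against a copy of /proc.
ROOT="${ROOT:-}"

# Returns 0 if IPv4 forwarding is enabled on the gateway.
check_forwarding() {
    [ "$(cat "$ROOT/proc/sys/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]
}

# Prints each interface setting that still sends or accepts ICMP redirects;
# returns 0 only when none do.
check_redirects() {
    bad=0
    for f in "$ROOT"/proc/sys/net/ipv4/conf/*/send_redirects \
             "$ROOT"/proc/sys/net/ipv4/conf/*/accept_redirects; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            echo "redirects enabled: ${f#"$ROOT"}"
            bad=1
        fi
    done
    return $bad
}

# Reads iptables-save output on stdin; returns 0 if the nat table has a
# POSTROUTING SNAT/MASQUERADE rule whose source is exactly the given pool.
# Only relevant when the pool is private address space that must be NATed.
has_nat_for_pool() {
    awk -v pool="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == pool && (tgt == "MASQUERADE" || tgt == "SNAT")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Live usage on the gateway (root is needed for iptables-save):
#   check_forwarding || echo "ip_forward is off"
#   check_redirects
#   iptables-save | has_nat_for_pool 192.0.2.0/24 || echo "no NAT for pool"
#   ping -I <pool-side source IP> www.google.com
```
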