[Openswan Users] ipsec / l2tpd + iptables ?

Reza ISSANY issanyr at laposte.net
Tue Nov 28 05:00:48 EST 2006


Hi,

Here are my ipsec verify command results:

root at integration:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.7/K2.6.18.3dedibox_r6_final (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

Any idea how to activate Internet on VPN l2tpd clients?

Paul Wouters wrote:
> On Tue, 28 Nov 2006, Reza ISSANY wrote:
>
>
>> When I initiate a connection, I have a ppp0 that appears.
>> The connection works: I can ping the remote l2tpd gateway and the remote DNS server,
>> but I cannot access the internet.
>>
>> I'll try tomorrow to do a tcpdump. Do I have to add any routes to activate
>> internet for remote clients?
>>
>
> Run ipsec verify on the server. Check forwarding, check for bogus redirects, check
> for firewall rules, check for NAT, and check whether the gateway can reach the internet
> on its "l2tp pool" IP address using 'ping -I sourceip www.google.com'
>
> Paul
>
>
>> Thanks for your help.
>>
>> azer.
>>
>> Paul Wouters wrote:
>>
>>> On Mon, 27 Nov 2006, Reza ISSANY wrote:
>>>
>>>> No, this is my config:
>>>>
>>>> # basic configuration
>>>> config setup
>>>>        interfaces="ipsec0=eth0"
>>>>        nat_traversal=yes
>>>>        virtual_private=%v4:!172.16.7.0/16,%v4:192.168.7.0/24
>>>>        klipsdebug=none
>>>>        plutodebug=all
>>>>
>>> Disable that plutodebug line.
>>>
>>>> conn %default
>>>>        left=88.191.35.181
>>>>
>>>> # Add connections here
>>>> conn xp
>>>>        keyingtries=1
>>>>        compress=no
>>>>        disablearrivalcheck=no
>>>>        authby=rsasig
>>>>        leftrsasigkey=%cert
>>>>        rightrsasigkey=%cert
>>>>        leftcert=integration.pem
>>>>        leftprotoport=17/1701
>>>>        leftnexthop=88.191.35.1
>>>>        right=%any
>>>>        rightca=%same
>>>>        rightprotoport=17/1701
>>>>        rightsubnet=vhost:%no,%priv
>>>>        pfs=no
>>>>        auto=add
>>>>
>>>> #Disable Opportunistic Encryption
>>>> include /etc/ipsec.d/examples/no_oe.conf
>>>>
>>> Ok, so you are trying to use l2tp. Check the logs. Do you get an IPsec SA
>>> established? If not, the IPsec part is not working.
>>>
>>> If you do, the next step is to check the server for ppp interfaces. If you
>>> don't get one, the L2TP part is not working.
>>>
>>> If you do get a ppp interface, then check Windows to see if you got an
>>> interface there. If you did, try and ping the gateway. If that works, ping
>>> something else and tcpdump the packets on the gateway to see if you have a
>>> routing/firewall issue.
>>>
>>> Paul
>>>
>>
>
>   
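The checklist Paul gives in the quoted reply (forwarding, bogus redirects, firewall rules, NAT, and a ping from the gateway's pool address) as a read-only script that reports each check and prints the corrective command without applying it. This is an added example, not code from the thread or from Openswan. The pool 192.0.2.0/24 and the eth0 WAN interface are constructed defaults; PROC_ROOT and RULES_FILE are hypothetical overrides so the checks can be exercised against a fake /proc tree and a saved ruleset. Given the ipsec verify output above, the redirect checks already pass, so on this gateway the forwarding and NAT/FORWARD results are the ones to read first.

```shell
#!/bin/sh
# Added example (not from the thread): read-only checks for the
# "L2TP client reaches the gateway but not the internet" symptom.
#
# Assumed, adjustable settings (constructed values, not from the thread):
#   L2TP_POOL  address pool handed to L2TP/PPP clients
#   WAN_IF     interface facing the internet
#   PROC_ROOT  normally /proc; point it at a fake tree to test offline
#   RULES_FILE if set, read rules in iptables-save format from this file
L2TP_POOL="${L2TP_POOL:-192.0.2.0/24}"
WAN_IF="${WAN_IF:-eth0}"
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read one sysctl from the (possibly fake) /proc tree; "?" if unreadable.
sysctl_value() {
    cat "$PROC_ROOT/sys/$1" 2>/dev/null || echo "?"
}

# 0 when IP forwarding is on; clients can never reach past the gateway otherwise.
check_forwarding() {
    [ "$(sysctl_value net/ipv4/ip_forward)" = "1" ]
}

# 0 when both ICMP redirect sysctls are off (the NETKEY checks in ipsec verify).
check_redirects() {
    [ "$(sysctl_value net/ipv4/conf/all/send_redirects)" = "0" ] &&
        [ "$(sysctl_value net/ipv4/conf/all/accept_redirects)" = "0" ]
}

# Current ruleset, from RULES_FILE when set, else from iptables-save.
rules() {
    if [ -n "${RULES_FILE:-}" ]; then cat "$RULES_FILE"; else iptables-save 2>/dev/null || true; fi
}

# 0 when a MASQUERADE or SNAT rule covers the pool (return traffic needs it).
check_nat() {
    rules | grep -F -- "-s $L2TP_POOL" | grep -E -- '-j (MASQUERADE|SNAT)' >/dev/null
}

# 0 when FORWARD defaults to ACCEPT or explicitly accepts traffic from ppp interfaces.
check_forward_chain() {
    r=$(rules)
    printf '%s\n' "$r" | grep -E '^:FORWARD ACCEPT' >/dev/null ||
        printf '%s\n' "$r" | grep -E -- '-A FORWARD .*-i ppp\+.*-j ACCEPT' >/dev/null
}

# Print one line per check with the fix to apply; return 1 if anything failed.
report() {
    status=0
    if check_forwarding; then echo "[OK]   net.ipv4.ip_forward = 1"
    else echo "[FAIL] forwarding off  -> sysctl -w net.ipv4.ip_forward=1"; status=1; fi
    if check_redirects; then echo "[OK]   ICMP redirects disabled"
    else echo "[FAIL] redirects on    -> sysctl -w net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.all.accept_redirects=0"; status=1; fi
    if check_nat; then echo "[OK]   NAT rule covers $L2TP_POOL"
    else echo "[FAIL] no NAT for pool -> iptables -t nat -A POSTROUTING -s $L2TP_POOL -o $WAN_IF -j MASQUERADE"; status=1; fi
    if check_forward_chain; then echo "[OK]   FORWARD chain passes ppp traffic"
    else echo "[FAIL] FORWARD blocks  -> iptables -A FORWARD -i ppp+ -j ACCEPT (and the return path with -o ppp+)"; status=1; fi
    echo "Manual: ping -I <gateway address in $L2TP_POOL> www.google.com"
    return $status
}

report
```

Run it on the gateway as root so iptables-save can dump the live ruleset; a non-zero exit means at least one check failed. The ping line is left manual because it needs the gateway's real pool address and outbound connectivity; if the checks all pass and the ping still fails, tcpdump on the WAN interface, as Paul suggests, is the next step.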
