[Openswan Users] Newbie have , problems with PSK

John Joseph jjk_saji at yahoo.com
Sun Sep 17 09:54:40 EDT 2006


--- Paul Wouters <paul at xelerance.com> wrote:

> On Sun, 17 Sep 2006, John Joseph wrote:
> 
> > Thanks, I added the "protoport" lines, now my
> 
> >
> > conn l2tp-psk
> >         pfs=no
> >         left=192.168.242.100
> >         leftnexthop=192.168.242.1
> >         leftprotoport=17/1701
> >         right=%any
> >         rightprotoport=17/1701
> >         #right=192.168.242.135
> >         auto=add
> 
> add a rightsubnet=vhost:%no,%priv.
> 
> > My XP client, I get error no 678, one my client VPN
> 
> http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html
> 
> Paul
> 

Thanks Paul,
    thanks, I did check the URL
"http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html"


Error 678: I checked for the different possibilities.
    Since I am getting the log in the secure file, I can
conclude that the IP address which is given is correct.
    My PSK value is correct; I did the entry at
different instances to make sure it is correct.

I started l2tpd with the -D option, and I get:

"l2tpd[4511]: ourcid = 55308, entropy_buf = d80c
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: ourtid = 40829, entropy_buf = 9f7d
l2tpd[4511]: ourcid = 1601, entropy_buf = 641
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
l2tpd[4511]: ourtid = 59857, entropy_buf = e9d1
l2tpd[4511]: ourcid = 4881, entropy_buf = 1311
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
l2tpd[4511]: ourtid = 26194, entropy_buf = 6652
l2tpd[4511]: ourcid = 17399, entropy_buf = 43f7
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
l2tpd[4511]: Maximum retries exceeded for tunnel 32310.  Closing.
l2tpd[4511]: Connection 22 closed to 192.168.242.135, port 1701 (Timeout)
l2tpd[4511]: Unable to deliver closing message for tunnel 32310. Destroying anyway.
l2tpd[4511]: ourtid = 30645, entropy_buf = 77b5
l2tpd[4511]: ourcid = 15163, entropy_buf = 3b3b
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: Maximum retries exceeded for tunnel 30645.  Closing.
l2tpd[4511]: Connection 22 closed to 192.168.242.135, port 1701 (Timeout)
l2tpd[4511]: ourtid = 42285, entropy_buf = a52d
l2tpd[4511]: ourcid = 54285, entropy_buf = d40d
l2tpd[4511]: check_control: control, cid = 0, Ns = 0, Nr = 0
l2tpd[4511]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
l2tpd[4511]: Unable to deliver closing message for tunnel 30645. Destroying anyway"
*************

Also, when I run ifconfig on the VPN server, I am
only getting info about "eth0", "eth1" and "lo".
There is no info about an "ipsec" interface.

**************
"ipsec setup status" shows
[root@psa ~]# ipsec setup status
IPsec running  - pluto pid: 4377
pluto pid 4377
No tunnels up
****************
"options.l2tpd"
[root@psa ~]# cat /etc/ppp/options.l2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.20.15
ms-dns  192.168.20.15
ms-wins 192.168.20.15
ms-wins 192.168.20.15
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
**************************************
/etc/ipsec.conf 

[root@psa ~]# cat /etc/ipsec.conf
version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn l2tp-psk
        pfs=no
        left=192.168.242.100
        leftnexthop=192.168.242.1
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        #right=192.168.242.135
        rightsubnet=vhost:%no,%priv
        auto=add


#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
*******************************************************************
In my case, is the error "678" because of any network issue?
The firewall is disabled in the XP VPN client. On the VPN server,
"route -n" shows:

[root@psa ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.242.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.20.10   0.0.0.0         UG    0      0        0 eth1

                           Guidance requested 
                               thanks 
                                 Joseph John 



 






	
	
		