[Openswan Users] ipsec verify problem

Paul Wouters paul at xelerance.com
Tue Sep 19 10:47:42 EDT 2006


On Tue, 19 Sep 2006, ram wrote:

> I am in the process of reading docs and trying to set up my VPN connection inside
> office for testing
> then later move to production

Remember you cannot do l2tp from the same subnet that hands out IP addresses,
or you would end up with two IP addresses from the same range on your laptop.

> 1. installed FC4
> 2. installed openswan 2.4
> 3. ppp installed
> 4. install l2tpd 0.69-13

Use xl2tpd instead of l2tpd.

>       nat_traversal=yes
>
> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

This means NAT-T is disabled(!)

> conn l2tp-psk
>       pfs=no
>       left=myiprange

That should be your gateway's IP, not a "range"

> l2tpd.conf
> -----------------
>
> [global]
> listen-addr = Public ip of the VPN Server
>
> [lns default]
> ip range = Publicpool.18-publicpool.23
> local ip = public ip other than VPN Server IP

It is really confusing if you rewrite your config to anonymize.
local ip MUST BE the ip within the IP range you hand out to your
clients. This is normally NOT a public ip.

> Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: received Vendor
> ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: initial Main
> Mode message received on myvpnip:500 but no connection has been authorized

Your connection did not load, or was rejected due to NAT being disabled. Try
ipsec auto --add yourconnname and see what the error says.

Paul
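
A small lint for three configuration points raised in the reply above, added here as an illustration (not part of the original message and not Openswan or l2tpd code): nat_traversal=yes with virtual_private commented out, a range in left=, and a local ip that is not an RFC 1918 address. The sample configs are constructed, with 192.0.2.x standing in for public addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed configs modelled on the thread; 192.0.2.x stands in for public IPs.
IPSEC_CONF = """\
config setup
    nat_traversal=yes
    #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
conn l2tp-psk
    pfs=no
    left=192.0.2.0/24
"""
L2TPD_CONF = """\
[global]
listen-addr = 192.0.2.10
[lns default]
ip range = 192.0.2.18-192.0.2.23
local ip = 192.0.2.11
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def active_settings(text):
    """Map key -> value for uncommented settings (section names are ignored)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"([\w -]+?)\s*=\s*(.+)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def lint(ipsec_conf, l2tpd_conf):
    """Return findings for the three mistakes pointed out in the reply."""
    ipsec, l2tp = active_settings(ipsec_conf), active_settings(l2tpd_conf)
    findings = []
    if ipsec.get("nat_traversal") == "yes" and "virtual_private" not in ipsec:
        findings.append("virtual_private is commented out or missing")
    left = ipsec.get("left", "")
    if "/" in left or re.fullmatch(r"[\d.]+-[\d.]+", left):
        findings.append("left= is a range, not a single gateway IP")
    try:
        local = ipaddress.ip_address(l2tp.get("local ip", ""))
        if not any(local in net for net in RFC1918):
            findings.append("local ip is a public address")
    except ValueError:
        findings.append("local ip is not an IP address")
    return findings
```

Calling lint(IPSEC_CONF, L2TPD_CONF) returns all three findings for the sample configs.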

