[Openswan Users] Linux L2TP client behind NAT

Gbenga stjames08 at yahoo.co.uk
Sun Aug 19 08:53:04 EDT 2007


Hi All,
I would be grateful if anyone can assist here.  I have a Linux L2TP client with Openswan 2.4.9 that needs to connect to another Openswan 2.4.7 VPN/L2TP server. Both use netkey.
The IPsec SA comes up OK, but I have never been able to complete the L2TP part of the connection. I have followed the instructions at http://www.jacco2.dds.nl/networking/linux-l2tp.html in full, but without success.
This is not for lack of trying; I have been at it for 2 days now. If anyone has had any success setting up the same configuration - Linux L2TP client -> Linux VPN/L2TPD server [both behind NAT] - I would appreciate your opinion.
The VPN/L2TPD server is working very well with other clients [Win XP/2k].  xl2tpd is version xl2tpd-1.1.11.
These are the error messages I keep getting in daemon.log:
Aug 19 01:11:53 laptop xl2tpd[20063]: Connecting to host 10.10.1.57, port 1701 
Aug 19 01:11:58 laptop xl2tpd[20063]: Maximum retries exceeded for tunnel 19804.  Closing. 
Aug 19 01:11:58 laptop xl2tpd[20063]: Connection 0 closed to 10.10.1.57, port 1701 (Timeout) 
Aug 19 01:12:03 laptop xl2tpd[20063]: Unable to deliver closing message for tunnel 19804. Destroying anyway. 
Many Thanks, 
Gbenga
ipsec.conf [client]
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        # IKE daemon (pluto) debugging switched off
        plutodebug = "none"
        # NAT Traversal (UDP encapsulation of ESP); needed here because both
        # endpoints sit behind NAT
        nat_traversal=yes
        # private address ranges a peer behind NAT is allowed to present
        # as its internal address
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        #
        # enable this if you see "failed to find any available worker"
#       nhelpers=0
# Add connections here
# Client side of the L2TP/IPsec link: this host is "left", the VPN server
# (193.x.x.x) is "right"
conn syseng-lan
        # transport mode: IPsec protects the L2TP/UDP packets exchanged
        # between the two hosts themselves, not traffic to a subnet
        type=transport
        left=%defaultroute
        # our public key is taken from the certificate named in leftcert
        leftrsasigkey=%cert
        leftcert=osogbetun1.pem
        # NOTE(review): leftid begins with "/" while rightid below does not,
        # and "emailAddress=o" looks truncated by the mail client; the ID
        # must match the certificate subject DN exactly. The log shows the
        # IPsec SA coming up, so presumably the real file is correct.
        leftid="/C=IE/ST=Dublin/O=Networks/OU=Systems Eng/CN=Gbenga Sogbetun/emailAddress=o"
        # local selector: UDP (protocol 17) port 1701 = L2TP
        leftprotoport=17/1701
        # public (post-NAT) address of the server; the transport-mode SA is
        # bound to this address
        right=193.x.x.x
        rightrsasigkey=%cert
        # NOTE(review): the next value is line-wrapped in the post
        # ("...syseng" / "@esat.com"); it must be one line in the real file
        rightid="C=IE/ST=Dublin/O=Networks/OU=Systems Eng/CN=Syseng VPN Cert/emailAddress=syseng
@esat.com"
        # remote selector: UDP (protocol 17), any port
        rightprotoport=17/%any
        # NOTE(review): this value is also line-wrapped in the post
        # ("emailAddres" / "s="); it must be one line in the real file
        leftca="C=IE/O=Networks/OU=Systems Eng/ST=Dublin/L=Dundrum/CN=Systems Eng CA/emailAddres
s="
        # do not rekey when the SA expires; only 3 negotiation attempts
        rekey=no
        keyingtries=3
        # Perfect Forward Secrecy for the IPsec (phase 2) SA
        pfs=yes
        # load the connection at startup but do not initiate it
        auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
/etc/ppp/option.l2tpd.client file:
ipcp-accept-local
# accept the LNS's own idea of its (remote) IP address
ipcp-accept-remote
# do not negotiate EAP; xl2tpd.conf requires CHAP
refuse-eap
# no Compression Control Protocol
noccp
# do not require the LNS to authenticate itself to this client
noauth
# serial hardware flow control - presumably carried over from a serial
# template, harmless on the L2TP pseudo-tty
crtscts
# drop the link after 1800 s (30 min) without traffic
idle 1800
# presumably reduced to leave room for L2TP + UDP + IPsec overhead
mtu 1410
mru 1410
# keep the existing default route; do not route everything via the tunnel
nodefaultroute
# verbose negotiation logging (diagnostic)
debug
# UUCP-style lock file on the device
lock
#proxyarp
# wait up to 5000 ms for a valid PPP packet from the peer before starting
connect-delay 5000
/etc/xl2tpd/xl2tpd.conf file:
[global]
; local L2TP endpoint: UDP port 1701 on all interfaces
listen-addr = 0.0.0.0
port = 1701
; L2TP Access Concentrator (client side) definition for this tunnel
[lac vpnx]
; NOTE(review): this is the server's private (pre-NAT) address, but the
; IPsec connection uses right=193.x.x.x. A transport-mode SA only covers
; packets addressed to 193.x.x.x, so L2TP sent to 10.10.1.57 would not be
; protected by it and, across NAT, is unlikely to be reachable at all -
; consistent with the "Timeout" in the log. Presumably lns should be the
; same address as right; confirm against the working Windows clients.
lns = 10.10.1.57
; PPP authentication: CHAP only, PAP refused
require chap = yes
require pap = no
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = ppp-name
; verbose PPP logging (diagnostic; switch off once the tunnel works)
ppp debug = yes
; NOTE(review): the pppd options file quoted earlier in the post is named
; /etc/ppp/option.l2tpd.client (no "s"); confirm this path matches the
; real file name, otherwise pppd starts without these options
pppoptfile = /etc/ppp/options.l2tpd.client
; include the length field (L bit) in L2TP packets
length bit = yes



