[Openswan Users] New to OpenSWAn and some problems

Alain JUPIN ajupin at jupin.net
Thu Jun 26 06:54:52 EDT 2008


Hi everybody

I'm French (so my English is not perfect) and a new user of OpenSWAN.

This is my project. I want to have a VPN server to share docs etc.
The clients are mainly Windows 2000/XP/Vista and some MacOSX and a few 
Linux clients.

For that I've a dedicated server hosted by OVH running Debian Etch and 
of course OpenSWAN (Linux Openswan U2.4.6/K2.6.24.2-xxxx-std-ipv6-32 
(netkey))

I'm not sure but it seems that I must have L2TP and connect using PSK. 
Am I wrong?
So I've tried to follow this: 
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

Would the roadwarrior mode be better for me?

(if you have any other tutorial for configuring openswan I'll be happy)

For information, this is my ipsec.conf file:

version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    # plutodebug="control parsing"
    #
    # Only enable klipsdebug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    #
    # enable this if you see "failed to find any available worker"
    nhelpers=0

# Add connections here

conn L2TP-PSK
    #
    # Configuration for one user with any type of IPsec/L2TP client
    # including the updated Windows 2000/XP (MS KB Q818043), but
    # excluding the non-updated Windows 2000/XP.
    #
    #
    # Use a Preshared Key. Disable Perfect Forward Secrecy.
    #
    # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
    # YourIPAddress  %any: "sharedsecret"
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    # we cannot rekey for %any, let client rekey
    rekey=no
    type=transport
    #
    left=serveripaddress
    # or you can use: left=YourIPAddress
    #
    # For updated Windows 2000/XP clients,
    # to support old clients as well, use leftprotoport=17/%any
    leftprotoport=17/1701
    #
    # The remote user.
    #
    right=clientipaddress
    rightprotoport=17/1701

# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

and my ipsec.secrets
serveripaddress clientipaddress : PSK "mysharedkey"

When I start IPSEC all seems to be OK
ipsec_setup: Starting Openswan IPsec U2.4.6/K2.6.24.2-xxxx-std-ipv6-32...

but when I do # ipsec auto --up L2TP-PSK nothing happens for a few minutes 
and afterwards I get this:
104 "L2TP-PSK" #1: STATE_MAIN_I1: initiate
010 "L2TP-PSK" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "L2TP-PSK" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "L2TP-PSK" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
000 "L2TP-PSK" #1: starting keying attempt 2 of at most 3, but releasing whack
(no more info regarding the system log files)

But I don't see what is wrong!
Can you help me?



Thanks a lot

-- 
Alain
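
Added example, not part of the original post and not Openswan code: a small Python parser for the `ipsec auto --up` status lines quoted above, reporting per connection which IKE state was seen, how many retransmissions occurred and where pluto gave up. The function names and the hint wording are assumptions of this example.

```python
import re
from collections import defaultdict

# Status lines copied from the post above, with the wrapped lines rejoined.
SAMPLE = '''\
104 "L2TP-PSK" #1: STATE_MAIN_I1: initiate
010 "L2TP-PSK" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "L2TP-PSK" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "L2TP-PSK" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
000 "L2TP-PSK" #1: starting keying attempt 2 of at most 3, but releasing whack
'''

# Layout seen in the post: 3-digit code, quoted connection name, #serial, message.
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'\bSTATE_[A-Z]+_[IR]\d\b')

def summarize(text):
    """Per connection: states seen, retransmission count, state where pluto gave up."""
    out = defaultdict(lambda: {"states": [], "retransmits": 0, "gave_up_in": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a status line (blank or wrapped continuation)
        _code, conn, _serial, msg = m.groups()
        entry = out[conn]
        st = STATE.search(msg)
        if st and st.group() not in entry["states"]:
            entry["states"].append(st.group())
        if "retransmission; will wait" in msg:
            entry["retransmits"] += 1
        elif "max number of retransmissions" in msg:
            entry["gave_up_in"] = st.group() if st else "unknown"
    return dict(out)

def diagnose(entry):
    """Hint text is this example's own wording, not Openswan output."""
    if entry["gave_up_in"] == "STATE_MAIN_I1":
        return ("no answer to the first IKE Main Mode packet: confirm the peer "
                "runs an IKE responder and that UDP 500 reaches it")
    if entry["gave_up_in"]:
        return "negotiation stalled in " + entry["gave_up_in"]
    return "no retransmission limit reached"

if __name__ == "__main__":
    for conn, entry in summarize(SAMPLE).items():
        print(conn, entry, "->", diagnose(entry))
```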



