[Openswan Users] ipsec with xl2tpd
Paul Wouters
paul at xelerance.com
Tue Nov 18 12:30:56 EST 2008
On Tue, 18 Nov 2008, Issany Reza wrote:
> Now I'm using KLIPS and i'll try to get functional L2TP.
> The server only have one address (the public one). I have created a virtual
> interface (eth1:1)
> - Public Address : 88.191.91.113/24 - network 88.191.91.0/24
> - Virtual Address : 192.168.10.45/24 - network 192.168.10.0/24
> config setup
> nat_traversal=yes
> virtual_private=%v4:
> 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:88.191.91.0/24,%v4:192.168.10.0/2
You would need to *exclude* 192.168.10.0/24 using %v4:!192.168.10.0/24
> conn roadwarrior-xp
> type=transport
> left=88.191.91.113
> leftcert=vpn.olympecti.fr.pem
> leftprotoport=17/1701
> right=%any
> rightsubnet=vhost:%no,%priv
> rightprotoport=17/1701
> pfs=no
> auto=add
>
> l2tpd.conf :
> [global]
> port = 1701
> listen-addr = 88.191.91.113
> debug tunnel = yes
>
> [lns default]
> ip range = 192.168.10.10-192.168.10.20
> local ip = 192.168.10.1
> length bit = yes
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = OCTIVPN
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.lns
>
> options.l2tpd.lns :
>
> ipcp-accept-local
> ipcp-accept-remote
> noipdefault
> require-chap
> connect-delay 5000
> noccp
> noauth
> idle 1800
> mtu 1410
> mru 1410
I would lower mtu/mru to 1200 or so.
> When I initiate the connection from my windows client (that has the cert
> .p12), I have these logs (and a 678 error in windows XP SP2) :
> Nov 18 18:02:31 zola pluto[8532]: packet from 217.128.239.224:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Nov 18 18:02:31 zola pluto[8532]: packet from 217.128.239.224:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Nov 18 18:02:31 zola pluto[8532]: packet from 217.128.239.224:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
> floating is off
You did not apply the nat-t patch?
> Nov 18 18:02:31 zola pluto[8532]: "roadwarrior-xp"[2] 217.128.239.224 #2:
> STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x2aaabe58
> <0xe9e861b8 xfrm=3DES_0-HMAC_MD5 NATOA=<invalid> NATD=<invalid>:500
> DPD=enabled}
You got ipsec up
> Nov 18 18:03:06 zola pluto[8532]: "roadwarrior-xp"[2] 217.128.239.224 #1:
> received Delete SA(0x2aaabe58) payload: deleting IPSEC State #2
30 seconds later Windows disconnects.
> How could I fix the problem ?
Did you see anything from xl2tpd? incoming tunnel? Did the user
authenticate? How did you configure the l2tp connection?
Paul
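The virtual_private point above is easy to get wrong: any network the server itself uses must not be claimable by a road warrior behind NAT, which is what the %v4:! exclusion form is for. The following is an added example, not code from the post or from Openswan, that parses a virtual_private value, reports which server-side networks a client could still claim a virtual IP from, and emits the exclusion entries that close the gap. The sample virtual_private string is constructed from the config quoted in the post (the last entry of that line was cut off in the mail, so it is left out), and SERVER_NETS lists the two networks the poster described; with the posted value both are flagged, and adding Paul's %v4:!192.168.10.0/24 removes the L2TP pool network from the list.

```python
import ipaddress

# Constructed sample modelled on the ipsec.conf quoted in the post; the last
# entry of the original virtual_private line was truncated in the mail and is
# deliberately omitted here.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:88.191.91.0/24"

# Networks the server itself uses (from the post): its public /24 and the
# /24 the xl2tpd "ip range" pool lives in.
SERVER_NETS = ["88.191.91.0/24", "192.168.10.0/24"]


def parse_virtual_private(value):
    """Split a virtual_private value into (included, excluded) network lists.

    Each entry is '%v4:<cidr>' or '%v6:<cidr>'; a leading '!' on the CIDR
    marks an exclusion, as in '%v4:!192.168.10.0/24'.
    """
    included, excluded = [], []
    for entry in value.replace("\n", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        family, _, cidr = entry.partition(":")
        if family not in ("%v4", "%v6") or not cidr:
            raise ValueError("unrecognised virtual_private entry: %r" % entry)
        if cidr.startswith("!"):
            excluded.append(ipaddress.ip_network(cidr[1:], strict=False))
        else:
            included.append(ipaddress.ip_network(cidr, strict=False))
    return included, excluded


def claimable_server_nets(value, server_nets):
    """Return the server-side networks a road warrior could still claim a
    virtual IP from: those overlapping an included range and not fully
    covered by an exclusion. An empty list means nothing local is claimable."""
    included, excluded = parse_virtual_private(value)
    claimable = []
    for net in server_nets:
        net = ipaddress.ip_network(net, strict=False)
        allowed = any(net.overlaps(inc) for inc in included)
        # subnet_of() refuses mixed IPv4/IPv6 comparisons, so match versions first.
        blocked = any(exc.version == net.version and net.subnet_of(exc)
                      for exc in excluded)
        if allowed and not blocked:
            claimable.append(str(net))
    return claimable


def add_exclusions(value, nets):
    """Append a '%v4:!' or '%v6:!' exclusion for each network and return the
    resulting virtual_private value."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    for net in nets:
        n = ipaddress.ip_network(net, strict=False)
        parts.append("%%v%d:!%s" % (n.version, n))
    return ",".join(parts)


if __name__ == "__main__":
    bad = claimable_server_nets(VIRTUAL_PRIVATE, SERVER_NETS)
    print("claimable from the posted config:", bad)
    fixed = add_exclusions(VIRTUAL_PRIVATE, bad)
    print("suggested virtual_private:", fixed)
    print("claimable after fix:", claimable_server_nets(fixed, SERVER_NETS))
```

Run it against the value from your own ipsec.conf and the subnets of every interface on the box; the printed suggestion is what to paste back into the config setup section.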