[Openswan Users] need help with openswan + l2tp
Reza ISSANY
issanyr at olympecti.fr
Tue Apr 7 13:52:29 EDT 2009
Hello,
Please forgive my bad English, I'm French.
I'm trying to set up IPsec + L2TP so that XP and Vista laptops can connect
to the business network.
I have successfully compiled my new kernel with NAT-T support, and I'm using the KLIPS stack to communicate.
I have generated the CA and the IPsec gateway certificate and a .p12 Windows certificate.
I'm testing using an XP SP3 laptop.
When I connect locally, everything is OK: my laptop can connect, and authenticate using the certificate and L2TP.
If I try from outside, I can see in the logs that the IPsec SA is established, but l2tp doesn't receive anything from the remote client:
....
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0ee49cfc <0xf20f1439 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.7.3 NATD=82.229.55.165:4500 DPD=none}
Apr 7 19:47:55 integration pluto[24399]: packet from 82.229.55.165:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 7 19:47:55 integration pluto[24399]: packet from 82.229.55.165:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 7 19:47:55 integration pluto[24399]: packet from 82.229.55.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 7 19:47:55 integration pluto[24399]: packet from 82.229.55.165:500: ignoring Vendor ID payload [Vid-Initial-Contact]
...
And xl2tpd doesn't log anything in syslog.
My network architecture:
openswan 192.168.1.116/24 ------ gateway 192.168.1.1/24 ------- 217.x.x.x ---------------------------------------------------- 82.x.x.x --------- gateway 192.168.7.7/24 ------ 192.168.7.3/24 client laptop
My config:

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    OE=off
    interfaces="ipsec0=eth0"
    protostack=klips

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior
    type=transport
    left=192.168.1.116
    leftcert=integration.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add
Thanks in advance for your help.
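The following is an added triage example, not code from the post or from the Openswan project. It parses the pluto "IPsec SA established" line quoted above to pull out the transport mode and the NAT-T attributes (NATOA, NATD), parses the ipsec.conf block, and runs the checks a practitioner would make first on an L2TP/IPsec road-warrior setup behind NAT: NAT-T enabled, the conn in transport mode on UDP/1701, the client's NAT-OA covered by virtual_private, and the gateway's own LAN not silently swallowed by a virtual_private range. Assumptions: the gateway LAN is 192.168.1.0/24 as in the network diagram, the sample log and config are constructed from the post, and the `%v4:!<net>` exclusion syntax is the one Openswan's virtual_private accepts. The findings are hints for where to look, not a diagnosis.

```python
import ipaddress
import re

# Constructed sample: the pluto lines quoted in the post.
PLUTO_LOG = """\
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 7 19:47:55 integration pluto[24399]: "roadwarrior"[4] 82.229.55.165 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0ee49cfc <0xf20f1439 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.7.3 NATD=82.229.55.165:4500 DPD=none}
"""

# Constructed sample: the relevant parts of the ipsec.conf from the post.
IPSEC_CONF = """\
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    protostack=klips
conn roadwarrior
    type=transport
    left=192.168.1.116
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
"""

# Matches only the "IPsec SA established" line, not the state-transition lines.
SA_RE = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+) #\d+: '
    r'STATE_QUICK_R2: IPsec SA established (?P<mode>\w+) mode \{(?P<attrs>[^}]*)\}'
)

def parse_sa_events(log):
    """Return one dict per established IPsec SA with its mode and NAT-T attributes."""
    events = []
    for line in log.splitlines():
        m = SA_RE.search(line)
        if not m:
            continue
        attrs = {}
        for tok in m.group("attrs").split():
            # Skip the "ESP=>spi <spi" pair; keep key=value attributes.
            if "=" in tok and not tok.startswith("ESP"):
                k, v = tok.split("=", 1)
                attrs[k] = v
        events.append({"conn": m.group("conn"), "peer": m.group("peer"),
                       "mode": m.group("mode"), "natoa": attrs.get("NATOA"),
                       "natd": attrs.get("NATD"), "cipher": attrs.get("xfrm")})
    return events

def parse_ipsec_conf(text):
    """Minimal ipsec.conf reader: 'config ...' / 'conn ...' headers with key=value lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("config ", "conn ")):
            current = line
            sections[current] = {}
        elif "=" in line and current is not None:
            k, v = line.split("=", 1)
            sections[current][k.strip()] = v.strip()
    return sections

def parse_virtual_private(value):
    """Split virtual_private into included and '!'-excluded networks."""
    includes, excludes = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item.startswith(("%v4:", "%v6:")):
            item = item[4:]
        if item.startswith("!"):
            excludes.append(ipaddress.ip_network(item[1:]))
        else:
            includes.append(ipaddress.ip_network(item))
    return includes, excludes

def check_roadwarrior(conf, events, conn="conn roadwarrior", local_lan="192.168.1.0/24"):
    """Return a list of findings (empty list means nothing obviously wrong)."""
    findings = []
    setup = conf.get("config setup", {})
    rw = conf.get(conn, {})
    if setup.get("nat_traversal") != "yes":
        findings.append("nat_traversal is not enabled")
    includes, excludes = parse_virtual_private(setup.get("virtual_private", ""))
    lan = ipaddress.ip_network(local_lan)
    if any(lan.subnet_of(n) for n in includes) and not any(lan.subnet_of(n) for n in excludes):
        findings.append(f"local LAN {lan} is covered by virtual_private but not excluded with %v4:!{lan}")
    if rw.get("type") != "transport" or rw.get("leftprotoport") != "17/1701":
        findings.append("conn is not a transport-mode UDP/1701 (L2TP) connection")
    conn_name = conn.split(None, 1)[1]
    for ev in events:
        if ev["conn"] != conn_name or not ev["natoa"]:
            continue
        natoa = ipaddress.ip_address(ev["natoa"])
        if not any(natoa in n for n in includes) or any(natoa in n for n in excludes):
            findings.append(f"client NAT-OA {natoa} is not accepted by virtual_private")
        if natoa in lan:
            findings.append(f"client NAT-OA {natoa} clashes with the local LAN {lan}")
    return findings

if __name__ == "__main__":
    events = parse_sa_events(PLUTO_LOG)
    for ev in events:
        print(ev)
    for finding in check_roadwarrior(parse_ipsec_conf(IPSEC_CONF), events):
        print("finding:", finding)
```

Run as a script it prints the parsed SA (transport mode, NAT-OA 192.168.7.3, NAT-D 82.229.55.165:4500) and one finding: the gateway's own 192.168.1.0/24 sits inside the 192.168.0.0/16 virtual_private range with no exclusion. The checks also confirm that the client's NAT-OA is inside a virtual_private range and does not overlap the gateway LAN, which is the first thing to rule out when the IPsec SA comes up but the L2TP packets inside it never reach xl2tpd.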