[Openswan Users] unable to get phase two
Paul Wouters
paul at xelerance.com
Fri Apr 24 17:13:40 EDT 2009
On Thu, 23 Apr 2009, Michael Di Domenico wrote:
> I've been battling with openswan for the last few hours and I'm not
> sure if I've actually made any progress or not. I've got a Windows XP
> laptop at 192.168.1.4 and a Linux machine at 192.168.1.50, which also
> has a second NIC card in it at 192.168.0.50. I'm trying to connect
> the Windows laptop via l2tp ipsec to the Linux machine and have the
> Windows laptop show up as a host on the 192.168.0.50 network.
> config setup
> protostack=netkey
> nat_traversal=yes
> interfaces=%defaultroute
Note if that has to work for clients behind NAT later on, you need a
virtual_private= line there as well.
> conn client
> authby=secret
> auto=add
> pfs=no
> left=192.168.1.50
> leftsubnet=192.168.1.50/32
> leftprotoport=17/1701
> right=%any
> rightprotoport=17/1701
And a rightsubnet=vhost:%priv,%no here
> Apr 23 20:13:53 orange pluto[14995]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:14995
Downgrade to 2.4.14 if this needs to work with NAT, until bug #1004 is
fixed in the 2.6.x series.
> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x43343cdc
> <0x7e376ecc xfrm=3DES_0-HMAC_MD5 NATOA=<invalid>NATD=<invalid>:500
> DPD=enabled}
So the IPsec part worked.
> Apr 23 20:14:42 orange pluto[14995]: "client"[1] 192.168.1.4 #1:
> received Delete SA(0x43343cdc) payload: deleting IPSEC State #2
But it hung up on you, probably due to l2tp not working properly. So
look at xl2tpd's log messages.
Paul
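
The diagnosis in the reply above (phase 2 completes, then the client sends a Delete SA shortly afterwards, so the fault is in the L2TP layer rather than in IPsec) can be checked mechanically against a pluto log. The following is an added example, not part of the original message or of Openswan; the log lines are constructed in the format quoted in this thread, and the function name, the 120-second window and the `year` parameter are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the pluto log quoted in this thread.
SAMPLE_LOG = """\
Apr 23 20:14:07 orange pluto[14995]: "client"[1] 192.168.1.4 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x43343cdc <0x7e376ecc xfrm=3DES_0-HMAC_MD5 DPD=enabled}
Apr 23 20:14:42 orange pluto[14995]: "client"[1] 192.168.1.4 #1: received Delete SA(0x43343cdc) payload: deleting IPSEC State #2
Apr 23 21:00:00 orange pluto[14995]: "client"[2] 192.168.1.7 #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0a0b0c0d <0x01020304 xfrm=3DES_0-HMAC_MD5 DPD=enabled}
"""

# syslog prefix, connection name, optional instance number, peer address, message
PREFIX = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)"(?:\[\d+\])? (\S+) #\d+: (.*)$')
ESTABLISHED = re.compile(r'IPsec SA established.*?ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')
DELETED = re.compile(r'received Delete SA\((0x[0-9a-f]+)\)')


def early_teardowns(log_text, window=timedelta(seconds=120), year=2009):
    """Return (conn, peer, spi, seconds_up) for every IPsec SA that the peer
    deleted within `window` of phase 2 completing. syslog lines carry no year,
    so one is supplied by the caller (assumption)."""
    established = {}  # SPI -> (time established, peer address)
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a per-connection pluto message
        stamp, conn, peer, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        est = ESTABLISHED.search(msg)
        if est:
            # Remember both SPIs: the Delete payload may name either direction.
            for spi in est.groups():
                established[spi] = (when, peer)
            continue
        gone = DELETED.search(msg)
        if gone and gone.group(1) in established:
            up, est_peer = established.pop(gone.group(1))
            if est_peer == peer and when - up <= window:
                findings.append(
                    (conn, peer, gone.group(1), int((when - up).total_seconds())))
    return findings


if __name__ == "__main__":
    for conn, peer, spi, secs in early_teardowns(SAMPLE_LOG):
        print(f'"{conn}" {peer}: SA {spi} deleted by peer after {secs}s; '
              "IPsec came up, so check the xl2tpd log next")
```
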