[Openswan Users] unable to get phase two

Michael Di Domenico mdidomenico4 at gmail.com
Wed Apr 29 09:17:30 EDT 2009


On Fri, Apr 24, 2009 at 5:13 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 23 Apr 2009, Michael Di Domenico wrote:
>
>> i've been battling with openswan for the last few hours and i'm not
>> sure if i've actually made any progress or not.  i've got a Windows XP
>> laptop at 192.168.1.4 and a linux machine at 192.168.1.50, which also
>> has a second nic card in it at 192.168.0.50.  I'm trying to connect
>> the windows laptop via l2tp ipsec to the linux machine and have the
>> windows laptop show up as a host on the 192.168.0.50 network.
>
>> config setup
>> protostack=netkey
>> nat_traversal=yes
>> interfaces=%defaultroute
>
> Note if that has to work for clients behind NAT later on, you need a
> virtual_private= line there as well.
>
>> conn client
>> authby=secret
>> auto=add
>> pfs=no
>> left=192.168.1.50
>> leftsubnet=192.168.1.50/32
>> leftprotoport=17/1701
>> right=%any
>> rightprotoport=17/1701
>
> And a rightsubnet=vhost:%priv,%no here
>
>> Apr 23 20:13:53 orange pluto[14995]: Starting Pluto (Openswan Version
>> 2.6.14; Vendor ID OEoSJUweaqAX) pid:14995
>
> Downgrade to 2.4.14 if this needs to work with NAT, until bug #1004 is
> fixed in the 2.6.x series.
>
>> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x43343cdc
>> <0x7e376ecc xfrm=3DES_0-HMAC_MD5 NATOA=<invalid>NATD=<invalid>:500
>> DPD=enabled}
>
> So the IPsec part worked.
>
>> Apr 23 20:14:42 orange pluto[14995]: "client"[1] 192.168.1.4 #1:
>> received Delete SA(0x43343cdc) payload: deleting IPSEC State #2
>
> But it hung up on you, probably due to l2tp not working properly. So
> look at xl2tpd's log messages.

Where is this log file?

