[Openswan Users] iphone l2tp/ipsec problem

顏宏愷 yhkai at cht.com.tw
Tue Dec 22 22:33:57 EST 2009 

Hi, all
My goal is to setup openswan server with l2tp/ipsec connection for iphone and windows mobile clients, using kernel netkey, preshared key and client is behind NAT. The installed packages in my linux box are: Kernel 2.6.18 ;Openswan 2.4.14;Xl2tpd 1.2.4 and Pppd 2.4.4 .
I have tested windows mobile 5.0 , 6.0 and 6.1 , they are all working fine.
Then I followed http://www.jacco2.dds.nl/networking/freeswan-panther.html to config iphone as follows
Select "General" -> "Network" -> "VPN<http://versatile.vox.com/library/photo/6a00c2251df8cb604a00e398a9d6b90001.html>" and then tap "Settings".
Select "L2TP"<http://edge.macworld.com/2007/07/images/content/security3.jpg>.
Enter the L2TP/IPsec server's address.
Tap "Account" and enter your username (for user authentication in the PPP phase of the VPN).
Tap "Secret" and enter your Preshared Key (for IPsec authentication).
Tap "Save" in the upper right corner
But it is strange for iphone that  , under the same config , I can see the IPsec SA established from ipsec barf and see tunnel has up from ipsec setup –status command.However iphone shows VPN server problem and no connection has been setup. I checked /var/log/messages but found nothing about xl2tpd or pppd. I think there must be  something wrong with l2tp/ppp, but no idea to find and solve it.  If anyone can provide any  helpful suggestion, will be appreciated.

Thanks in advance
Jimmy

------------------ Here is my ipsec.conf
config setup
       nat_traversal=yes
       virtual_private=%v4:192.168.0.0/24
       nhelpers=0
conn L2TP-PSK-NAT
       rightsubnet=vhost:%priv,%no
       also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
       authby=secret
       pfs=no
       auto=add
       keyingtries=3
       # we cannot rekey for %any, let client rekey
       rekey=no
       type=transport
       #
       #left=%defaultroute
       left=10.144.134.202
        leftnexthop=10.144.134.254
        leftprotoport=17/1701
       #
       # The remote user.
       #
       right=%any
       rightprotoport=17/%any
-----Here is xl2tpd.conf
[global]
; listen-addr = 192.168.1.98
; requires openswan-3.1 or higher
; ipsec saref = yes
; debug tunnel = yes
; auth file=/etc/ppp/chap-secrets
[lns default]
ip range = 192.168.1.128-192.168.1.253
local ip = 192.168.1.100
require chap = yes
refuse pap = yes
require authentication = yes
name = vpnserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
------- here is my options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/xl2tpd.log


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091223/a4a97f25/attachment.html

More information about the Users mailing list