[Openswan Users] iphone l2tp/ipsec problem
yhkai at cht.com.tw
Thu Dec 24 00:28:42 EST 2009
Follow my last thread as below, my problem are:
1. xl2tp seemed not run for iphone l2tp/ipsec. How to check if xl2tp has run or not?
2. how to check what is wrong with xl2tp? How to solve the problem?
Sent: Wednesday, December 23, 2009 11:34 AM
To: 'users at openswan.org'
Subject: iphone l2tp/ipsec problem
My goal is to setup openswan server with l2tp/ipsec connection for iphone and windows mobile clients, using kernel netkey, preshared key and client is behind NAT. The installed packages in my linux box are: Kernel 2.6.18 ;Openswan 2.4.14;Xl2tpd 1.2.4 and Pppd 2.4.4 .
I have tested windows mobile 5.0 , 6.0 and 6.1 , they are all working fine.
Then I followed http://www.jacco2.dds.nl/networking/freeswan-panther.html to config iphone as follows
Select "General" -> "Network" -> "VPN<http://versatile.vox.com/library/photo/6a00c2251df8cb604a00e398a9d6b90001.html>" and then tap "Settings".
Enter the L2TP/IPsec server's address.
Tap "Account" and enter your username (for user authentication in the PPP phase of the VPN).
Tap "Secret" and enter your Preshared Key (for IPsec authentication).
Tap "Save" in the upper right corner
But it is strange for iphone that , under the same config , I can see the IPsec SA established from ipsec barf and see tunnel has up from ipsec setup –status command.However iphone shows VPN server problem and no connection has been setup. I checked /var/log/messages but found nothing about xl2tpd or pppd. I think there must be something wrong with l2tp/ppp, but no idea to find and solve it. If anyone can provide any helpful suggestion, will be appreciated.
Thanks in advance
------------------ Here is my ipsec.conf
# we cannot rekey for %any, let client rekey
# The remote user.
-----Here is xl2tpd.conf
; listen-addr = 192.168.1.98
; requires openswan-3.1 or higher
; ipsec saref = yes
; debug tunnel = yes
; auth file=/etc/ppp/chap-secrets
ip range = 192.168.1.128-192.168.1.253
local ip = 192.168.1.100
require chap = yes
refuse pap = yes
require authentication = yes
name = vpnserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
------- here is my options.xl2tpd
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users