[Openswan Users] iphone l2tp/ipsec IPsec SA established, but no l2tp/ppp connection

顏宏愷 yhkai at cht.com.tw
Thu Dec 31 04:43:25 EST 2009


Dear all,
I just tried an iPhone 3G (OS 3.1.2) connecting to Openswan with NETKEY; the iPhone is behind NAT and uses Wi-Fi to connect to a wireless router.
The IPsec SA can be established, but after that no xl2tpd/pppd session happens (I think so, because there are no L2TP/PPP messages in the messages log file).
Could you help me debug this situation?
Is this an iPhone problem? Or am I missing something in my config files?
Thanks in advance.

 Jimmy yen
________________________________
From: 顏宏愷
Sent: Thursday, December 24, 2009 1:29 PM
To: 顏宏愷; 'users at openswan.org'
Subject: RE: iphone l2tp/ipsec problem

Dear all,
Following up on my last thread below, my problems are:
1. xl2tpd did not seem to run for iPhone L2TP/IPsec. How can I check whether xl2tpd has run or not?
2. How can I check what is wrong with xl2tpd? How can I solve the problem?

Many thanks
jimmy
________________________________
From: 顏宏愷
Sent: Wednesday, December 23, 2009 11:34 AM
To: 'users at openswan.org'
Subject: iphone l2tp/ipsec problem

Hi, all
My goal is to set up an Openswan server with L2TP/IPsec connections for iPhone and Windows Mobile clients, using kernel NETKEY and a preshared key, with the client behind NAT. The installed packages on my Linux box are: kernel 2.6.18, Openswan 2.4.14, xl2tpd 1.2.4 and pppd 2.4.4.
I have tested Windows Mobile 5.0, 6.0 and 6.1, and they all work fine.
Then I followed http://www.jacco2.dds.nl/networking/freeswan-panther.html to configure the iPhone as follows:
Select "General" -> "Network" -> "VPN<http://versatile.vox.com/library/photo/6a00c2251df8cb604a00e398a9d6b90001.html>" and then tap "Settings".
Select "L2TP"<http://edge.macworld.com/2007/07/images/content/security3.jpg>.
Enter the L2TP/IPsec server's address.
Tap "Account" and enter your username (for user authentication in the PPP phase of the VPN).
Tap "Secret" and enter your Preshared Key (for IPsec authentication).
Tap "Save" in the upper right corner.
But it is strange that for the iPhone, under the same config, I can see the IPsec SA established from ipsec barf and see that the tunnel is up from the ipsec setup --status command. However, the iPhone shows a VPN server problem and no connection has been set up. I checked /var/log/messages but found nothing about xl2tpd or pppd. I think there must be something wrong with L2TP/PPP, but I have no idea how to find and solve it. If anyone can provide any helpful suggestions, it will be appreciated.

Thanks in advance
Jimmy

------------------ Here is my ipsec.conf
config setup
       nat_traversal=yes
       virtual_private=%v4:192.168.0.0/24
       nhelpers=0
conn L2TP-PSK-NAT
       rightsubnet=vhost:%priv,%no
       also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
       authby=secret
       pfs=no
       auto=add
       keyingtries=3
       # we cannot rekey for %any, let client rekey
       rekey=no
       type=transport
       #
       #left=%defaultroute
       left=10.144.134.202
       leftnexthop=10.144.134.254
       leftprotoport=17/1701
       #
       # The remote user.
       #
       right=%any
       rightprotoport=17/%any
-----Here is xl2tpd.conf
[global]
; listen-addr = 192.168.1.98
; requires openswan-3.1 or higher
; ipsec saref = yes
; debug tunnel = yes
; auth file=/etc/ppp/chap-secrets
[lns default]
ip range = 192.168.1.128-192.168.1.253
local ip = 192.168.1.100
require chap = yes
refuse pap = yes
require authentication = yes
name = vpnserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
------- here is my options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
noccp
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/xl2tpd.log

