[Openswan Users] Tunnel but no l2tp connection with openswan-2.6.19 and xl2tpd-1.2.3
No Body is Perfect
news.listener at gmail.com
Wed Feb 11 06:58:24 EST 2009
Today I tested with openswan-2.6.20, but no luck ...
it doesn't work ... any ideas?
No Body is Perfect wrote:
> Hello Community!
> I updated our VPN server from Fedora FC6 (Kernel
> 2.6.22/openswan-2.4.5/xl2tpd-1.1.11) to Fedora 10 (Kernel
> 2.6.27/openswan-2.6.19/xl2tpd-1.2.3) successfully, but ...
> now the WinXP clients can't connect to my network.
> The tunnel works, but there is no connection to xl2tpd.
>
> ipsec auto --status says ...
>
> 000 "roadwarrior-all"[3]: 0.0.0.0/0===217.110.71.112[C=DE, ST=BW, L=ST,
> O=Company, OU=EDV, CN=server]...95.112.243.191[C=DE, ST=BW, L=ST,
> O=Company, OU=EDV, CN=mycn]===?; unrouted; eroute owner: #0
> 000 "roadwarrior-l2tp"[2]: 217.110.71.112[C=DE, ST=BW, L=ST, O=Company,
> OU=EDV, CN=server]:17/1701---217.110.71.111...95.112.243.191[C=DE,
> ST=BW, L=ST, O=Company, OU=EDV, CN=mycn]:17/1701; erouted; eroute owner: #45
> 000 #44: "roadwarrior-all"[3] 95.112.243.191:4500 STATE_MAIN_R3 (sent
> MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3304s; newest ISAKMP; nodpd
> 000 #45: "roadwarrior-l2tp"[2] 95.112.243.191:4500 STATE_QUICK_R2 (IPsec
> SA established); EVENT_SA_REPLACE in 3304s; newest IPSEC; eroute owner
> 000 #45: "roadwarrior-l2tp"[2] 95.112.243.191 esp.9cdcf1e@95.112.243.191
> esp.c3fd3fad@217.110.71.112
>
> and in /var/log/messages ...
>
> Dec 14 11:04:29 linda xl2tpd[4912]: Maximum retries exceeded for tunnel
> 53196. Closing.
> Dec 14 11:04:29 linda xl2tpd[4912]: Connection 1 closed to
> 95.112.243.191, port 1701 (Timeout)
> Dec 14 11:04:35 linda xl2tpd[4912]: Can not find tunnel 53196 (refhim=0)
>
>
> now my ipsec.conf ..
>
>
> config setup
>     # klipsdebug=none
>     # plutodebug="control parsing"
>     uniqueids=no
>     myid=@XXXXXXXXXX
>     plutowait=yes
>     nat_traversal=yes
>
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
>     #interfaces=%defaultroute
>     oe=no
>     protostack=netkey
>     nhelpers=1
>
> conn %default
>     keyingtries=3
>     authby=rsasig
>     disablearrivalcheck=no
>     left=%defaultroute
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>
> conn roadwarrior-net
>     leftsubnet=172.30.10.0/24
>     also=roadwarrior
>
> conn roadwarrior-all
>     leftsubnet=0.0.0.0/0
>     also=roadwarrior
>
> conn roadwarrior-l2tp
>     pfs=no
>     leftnexthop=217.110.71.111
>     leftprotoport=17/1701
>     rightprotoport=17/%any
>     also=roadwarrior
>
> conn roadwarrior
>     left=%defaultroute
>     leftcert=server-cert.pem
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     auto=add
>
> and my xl2tpd.conf
> [global]
> port = 1701
> debug tunnel = yes
> debug avp = yes
> debug network = yes
> debug state = yes
>
> [lns default]
> exclusive=yes
> ip range = 172.30.99.2-172.30.99.254
> local ip = 172.30.99.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> refuse authentication = no
> name = LinuxVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
> Any hints? The same config worked on the older system ....
> Thanks in advance