[Openswan Users] Problems with l2tp/ipsec
Mauricio Tavares
raubvogel at gmail.com
Sun Jun 21 12:19:48 EDT 2009
I am trying to connect to an ubuntu box which has openswan setup to do
l2tp/ipsec based on http://www.jacco2.dds.nl/networking. It works fine
when you try to connect with an OSX or a Windows box, but when I try to
use my ubuntu 8.10 laptop, I do not seem to go very far.
Based on http://www.jacco2.dds.nl/networking/linux-l2tp.html and what I
know of the server's setup, my laptop's config file looks like this:
root at monaco:~# cat /etc/ipsec.conf
version 2

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    protostack=netkey

conn l2tpTest
    authby=rsasig
    pfs=no
    auto=add
    rekey=yes
    keyingtries=3
    type=transport
    # Left (local)
    leftprotoport=17/1701
    # left=%defaultroute
    left=192.168.2.123
    leftnexthop=192.168.2.1
    leftcert=server.crt
    leftrsasigkey=%cert
    # leftrsasigkey=server.key
    # Right (VPN)
    right=vpn.server.com
    rightprotoport=17/1701
    # rightcert=cacert.pem
    rightid="C=US, ST=Florida, L=Gainesville, O=Test Inc, OU=VPN, CN=vpn.server.com, E=support at server.com"
    rightrsasigkey=%cert
    rightca=%same
    # rightsubnet=vhost:%no,priv

# disable opportunistic encryption
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
root at monaco:~#
And the ipsec.secrets file looks like this:
root at monaco:~# cat /etc/ipsec.secrets
# profile: l2tpTest
: RSA server.key "fakepasswd"
root at monaco:~#
When I try to run the ipsec part, I get:
root at monaco:~# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appear to be stopped already!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting Openswan IPsec 2.4.12...
root at monaco:~# ipsec auto --up l2tpTest
104 "l2tpTest" #1: STATE_MAIN_I1: initiate
003 "l2tpTest" #1: received Vendor ID payload [Openswan (this version) 2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "l2tpTest" #1: received Vendor ID payload [Dead Peer Detection]
003 "l2tpTest" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "l2tpTest" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "l2tpTest" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "l2tpTest" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "l2tpTest" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "l2tpTest" #2: STATE_QUICK_I1: initiate
004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x3084e485 <0x0eb05998 xfrm=AES_0-HMAC_SHA1 NATD=XXX.XXX.XXX.XXX:4500 DPD=none}
root at monaco:~#
From what I understood, that should have created a /dev/ppp0, but it
does not seem to be the case:
root at monaco:~# ls /dev/ppp*
/dev/ppp
root at monaco:~#
Would anyone have suggestions of what I should try next?
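Added example, not from the post or from Openswan itself: a small Python helper that parses the "SA established" lines of the `ipsec auto --up` output quoted above (embedded here as constructed sample lines), pulls out what pluto actually negotiated, and turns it into review notes; the set of legacy IKE algorithms it flags and the wording of the notes are my own assumptions.

```python
import re

# Constructed sample: the "SA established" lines from the `ipsec auto --up` output
# in the post, re-joined onto single lines (NAT-D address masked as in the post).
PLUTO_LOG = """\
004 "l2tpTest" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "l2tpTest" #2: STATE_QUICK_I1: initiate
004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x3084e485 <0x0eb05998 xfrm=AES_0-HMAC_SHA1 NATD=XXX.XXX.XXX.XXX:4500 DPD=none}
"""
# Assumption: legacy IKE choices worth flagging if they appear in a negotiated proposal.
LEGACY_IKE = {"oakley_3des_cbc_192", "oakley_md5", "modp1024"}

ISAKMP_RE = re.compile(r'"(?P<conn>[^"]+)" #\d+: STATE_MAIN_I4: ISAKMP SA established \{(?P<p>[^}]*)\}')
IPSEC_RE = re.compile(r'"(?P<conn>[^"]+)" #\d+: STATE_QUICK_I2: .*IPsec SA established \{(?P<p>[^}]*)\}')
SPI_RE = re.compile(r"ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)")

def _kv(params):
    # 'k=v k=v ...' -> dict; the bare inbound SPI token ('<0x...') has no '=' and is skipped
    return dict(tok.split("=", 1) for tok in params.split() if "=" in tok)

def parse_pluto_log(text):
    """Per-connection summary of the IKE (phase 1) and IPsec (phase 2) SAs pluto reported."""
    summary = {}
    for line in text.splitlines():
        if m := ISAKMP_RE.search(line):
            summary.setdefault(m.group("conn"), {})["ike"] = _kv(m.group("p"))
        elif m := IPSEC_RE.search(line):
            kv = _kv(m.group("p"))
            kv.pop("ESP", None)                 # replaced by the two explicit SPI fields
            if spi := SPI_RE.search(m.group("p")):
                kv["spi_out"], kv["spi_in"] = spi.groups()
            summary.setdefault(m.group("conn"), {})["ipsec"] = kv
    return summary

def audit(summary):
    """Notes per connection: legacy algorithms, NAT-T, DPD, and what the SA does not do."""
    findings = {}
    for conn, layers in summary.items():
        ike, ipsec, notes = layers.get("ike", {}), layers.get("ipsec"), []
        for key in ("cipher", "prf", "group"):
            if ike.get(key) in LEGACY_IKE:
                notes.append(f"IKE {key}={ike[key]} is a legacy choice; prefer a stronger proposal")
        if ipsec:
            if "NATD" in ipsec:
                notes.append("NAT-T active: ESP is carried in UDP/4500")
            if ipsec.get("DPD") == "none":
                notes.append("no dead peer detection; a dead peer is only noticed at rekey")
            notes.append("transport SA protects UDP/1701 only; ppp0 comes from pppd started by the L2TP client")
        findings[conn] = notes
    return findings
```

Run `audit(parse_pluto_log(PLUTO_LOG))` to get the notes for `l2tpTest`; the same parser can be pointed at a real `ipsec auto --up` capture.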