[Openswan Users] Problems with lt2p/ipsec

Mauricio Tavares raubvogel at gmail.com
Sun Jun 21 18:17:06 EDT 2009


Paul Wouters wrote:
> On Sun, 21 Jun 2009, Mauricio Tavares wrote:
> 
>> 004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
>> {ESP=>0x3084e485 <0x0eb05998 xfrm=AES_0-HMAC_SHA1
>> NATD=XXX.XXX.XXX.XXX:4500 DPD=none}
>> root@monaco:~#
>>
>> From what I understood, that should have created a /dev/ppp0, but it
>> does not seem to be the case:
> 
> No, you need to have an l2tp daemon running which starts the ppp daemon.
> I recommend using xl2tpd.
> 
That is what I installed. About starting the ppp daemon and creating
ppp0, I thought I could do so (at least until satisfied it works when I
do it manually) by

/etc/init.d/ipsec restart
ipsec auto --up l2tpTest
echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control
route add -net 0.0.0.0 dev ppp0

From what you said, the third step would create ppp0, but it does not.

The relevant files are

/etc/xl2tpd/xl2tpd.conf
;
; l2tpd configuration file
;
;
; You most definitely don't have to spell out everything as it is done here
;
[global]                                ; Global parameters:
    port = 1701                          ; * Bind to port 1701
    listen-addr = 127.0.0.1
; auth file = /etc/l2tpd/l2tp-secrets   ; * Where our challenge secrets are
; access control = yes                  ; * Refuse connections without IP match
; rand source = dev                     ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented
;

; Connect to the vpn server shop.server.com
[lac L2TPserver]
lns = shop.server.com
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = raub
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
#proxyarp
connect-delay 5000



> Paul
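
Added example, not part of the original post and not code from Openswan or xl2tpd: a shell wrapper around the manual steps above that checks the xl2tpd control pipe before writing to it and waits for ppp0 to exist before adding the route. The control path, LAC name and route command come from the post; the function names, the 15-second timeout and the /sys/class/net lookup (Linux sysfs) are assumptions.

```sh
#!/bin/sh
# Added example: guarded version of the manual bring-up steps from the post.
CONTROL="${CONTROL:-/var/run/xl2tpd/l2tp-control}"  # path used in the post
NETDIR="${NETDIR:-/sys/class/net}"                  # assumption: Linux sysfs

# Return 0 if the xl2tpd control path exists and is a named pipe.
control_ready() {
    [ -p "$1" ]
}

# Wait up to $3 seconds for interface $2 to appear under directory $1.
wait_for_iface() {
    dir=$1; iface=$2; timeout=$3; waited=0
    while [ "$waited" -lt "$timeout" ]; do
        [ -e "$dir/$iface" ] && return 0
        sleep 1
        waited=$((waited + 1))
    done
    [ -e "$dir/$iface" ]
}

# Ask xl2tpd to dial the given [lac ...] section, then add the route only
# once the ppp interface exists. Returns 2 if the pipe is missing, 3 if the
# interface never appears.
bring_up() {
    lac=$1; iface=$2; timeout=$3
    if ! control_ready "$CONTROL"; then
        echo "no control pipe at $CONTROL (is xl2tpd running?)" >&2
        return 2
    fi
    # Note: writing to a FIFO blocks until a reader (xl2tpd) has it open.
    echo "c $lac" > "$CONTROL"
    if ! wait_for_iface "$NETDIR" "$iface" "$timeout"; then
        echo "$iface did not appear within ${timeout}s; check xl2tpd and pppd logs" >&2
        return 3
    fi
    route add -net 0.0.0.0 dev "$iface"
}

# Run as: sh script.sh run   (after "ipsec auto --up l2tpTest" has succeeded)
if [ "${1:-}" = "run" ]; then
    bring_up L2TPserver ppp0 15
fi
```

Return code 3 means the IPsec SA may be up while the L2TP/PPP layer is not, which is the situation described in the post.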


