[Openswan Users] Problems with lt2p/ipsec

Janantha Marasinghe janantha at techcert.lk
Mon Jun 22 05:09:50 EDT 2009


I have solved this by installing and configuring Strongswan (I have used
the latest version 4.x). I compiled it with

./configure --enable-nat-transport=yes (Thanks to Catalin for pointing it out)

Make sure you have GCC and gmp and gmp-devel libs.

So Strongswan + Xl2tpd works fine with my setup which is identical to yours.

Mauricio Tavares wrote:
> Paul Wouters wrote:
>   
>> On Sun, 21 Jun 2009, Mauricio Tavares wrote:
>>
>>> 004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
>>> {ESP=>0x3084e485 <0x0eb05998 xfrm=AES_0-HMAC_SHA1
>>> NATD=XXX.XXX.XXX.XXX:4500 DPD=none}
>>> root at monaco:~#
>>>
>>> From what I understood, that should have created a /dev/ppp0, but it
>>> does not seem to be the case:
>>>       
>> No, you need to have an l2tp daemon running which starts the ppp daemon.
>> I recommend using xl2tpd.
>>
> 	That is what I installed. About starting the ppp daemon and creating
> ppp0, I thought I could do so (at least until I am satisfied it works when I
> do it manually) by
>
> /etc/init.d/ipsec restart
> ipsec auto --up l2tpTest
> echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control
> route add -net 0.0.0.0 dev ppp0
>
> From what you said, the third step would create ppp0, but it does not.
>
> The relevant files are
>
> /etc/xl2tpd/xl2tpd.conf
> ;
> ; l2tpd configuration file
> ;
> ;
> ; You most definitely don't have to spell out everything as it is done here
> ;
> [global]                                ; Global parameters:
>     port = 1701                          ; * Bind to port 1701
>     listen-addr = 127.0.0.1
> ; auth file = /etc/l2tpd/l2tp-secrets   ; * Where our challenge secrets are
> ; access control = yes                  ; * Refuse connections without IP match
> ; rand source = dev                     ; Source for entropy for random
> ;                                       ; numbers, options are:
> ;                                       ; dev - reads of /dev/urandom
> ;                                       ; sys - uses rand()
> ;                                       ; egd - reads from egd socket
> ;                                       ; egd is not yet implemented
> ;
>
> ; Connect to the vpn server shop.server.com
> [lac L2TPserver]
> lns = shop.server.com
> require chap = yes
> refuse pap = yes
> require authentication = yes
> ; Name should be the same as the username in the PPP authentication!
> name = raub
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
>
> /etc/ppp/options.l2tpd.client
> ipcp-accept-local
> ipcp-accept-remote
> refuse-eap
> noccp
> noauth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> #proxyarp
> connect-delay 5000
>
>> Paul
>
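The four-step bring-up Mauricio lists (ipsec restart, `ipsec auto --up`, writing `c L2TPserver` to the xl2tpd control file, adding the route) only works if each step actually succeeded before the next one runs; the thread shows the IPsec SA coming up but ppp0 never appearing. The script below is an added example, not code from the thread or from the Openswan/xl2tpd projects: it checks the `ipsec auto --up` output for the established quick-mode SA, confirms the xl2tpd control FIFO exists before writing to it (a missing FIFO means xl2tpd is not running), and waits for ppp0 before adding the route. The connection name, control path and interface name are taken from the thread; the 30-second timeout is an assumption.

```bash
#!/bin/bash
# Added example: gated bring-up for the Openswan + xl2tpd + pppd chain
# from the thread. Each step is verified before the next one runs.

CONN="l2tpTest"                          # IPsec connection name (from the thread)
LAC="L2TPserver"                         # [lac] section name in xl2tpd.conf
CONTROL="/var/run/xl2tpd/l2tp-control"   # xl2tpd control FIFO (from the thread)
IFACE="ppp0"
TIMEOUT=30                               # seconds to wait for ppp0 (assumption)

# Return 0 if pluto's output reports an established Phase 2 SA for $CONN,
# i.e. a line like the thread's
#   004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {...}
# A Phase 1 (ISAKMP) line alone, or a line for another connection, is not enough.
sa_established() {
    printf '%s\n' "$1" | grep -q "\"$CONN\".*STATE_QUICK_I2.*IPsec SA established"
}

# Return 0 if the control path exists and is a FIFO. Redirecting into a
# missing path would silently create a plain file and start no tunnel.
control_fifo_ready() {
    [ -p "$1" ]
}

# Poll /sys/class/net for the interface; return 1 if it does not appear
# within the given number of seconds.
wait_for_iface() {
    local iface="$1" deadline=$(( $(date +%s) + $2 ))
    while [ ! -d "/sys/class/net/$iface" ]; do
        [ "$(date +%s)" -ge "$deadline" ] && return 1
        sleep 1
    done
}

# The gated version of the four manual steps; call main to run it as root.
main() {
    /etc/init.d/ipsec restart || exit 1
    up_out=$(ipsec auto --up "$CONN" 2>&1) || { echo "$up_out" >&2; exit 1; }
    sa_established "$up_out" || { echo "no IPsec SA for $CONN:"; echo "$up_out"; exit 1; } >&2
    control_fifo_ready "$CONTROL" || { echo "xl2tpd not running: $CONTROL is not a FIFO" >&2; exit 1; }
    echo "c $LAC" > "$CONTROL"
    wait_for_iface "$IFACE" "$TIMEOUT" || { echo "$IFACE did not appear; check xl2tpd/pppd logs" >&2; exit 1; }
    route add -net 0.0.0.0 dev "$IFACE"
}
```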

