[Openswan Users] Problems with lt2p/ipsec

Paul Wouters paul at xelerance.com
Mon Jun 22 10:07:34 EDT 2009


On Mon, 22 Jun 2009, Janantha Marasinghe wrote:

> I have solved this by installing and configuring Strongswan (I have used
> the latest version 4.x). I compiled it with
>
> ./configure --enable-nat-transport=yes (Thanks to Catalin for pointing out)
>
> Make sure you have GCC and gmp and gmp-devel libs.
>
> So Strongswan + Xl2tpd works fine with my setup which is identical to yours.

I believe his problem was not openswan, but not running xl2tpd.

Paul

> Mauricio Tavares wrote:
>> Paul Wouters wrote:
>>
>>> On Sun, 21 Jun 2009, Mauricio Tavares wrote:
>>>
>>>
>>>> 004 "l2tpTest" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
>>>> {ESP=>0x3084e485 <0x0eb05998 xfrm=AES_0-HMAC_SHA1
>>>> NATD=XXX.XXX.XXX.XXX:4500 DPD=none}
>>>> root at monaco:~#
>>>>
>>>> From what I understood, that should have created a /dev/ppp0, but it
>>>> does not seem to be the case:
>>>>
>>> No, you need to have an l2tp daemon running which starts the ppp daemon.
>>> I recommend using xl2tpd.
>>>
>>>
>> 	That is what I installed. About starting the ppp daemon and creating
>> ppp0 I thought I could do so (at least until satisfied it works when I
>> do it manually) by
>>
>> /etc/init.d/ipsec restart
>> ipsec auto --up l2tpTest
>> echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control
>> route add -net 0.0.0.0 dev ppp0
>>
>> From what you said, the third step would create ppp0, but it does not.
>>
>> The relevant files are
>>
>> /etc/xl2tpd/xl2tpd.conf
>> ;
>> ; l2tpd configuration file
>> ;
>> ;
>> ; You most definitely don't have to spell out everything as it is done here
>> ;
>> [global]                                ; Global parameters:
>>     port = 1701                          ; * Bind to port 1701
>>     listen-addr = 127.0.0.1
>> ; auth file = /etc/l2tpd/l2tp-secrets   ; * Where our challenge secrets are
>> ; access control = yes                  ; * Refuse connections without IP match
>> ; rand source = dev                     ; Source for entropy for random
>> ;                                       ; numbers, options are:
>> ;                                       ; dev - reads of /dev/urandom
>> ;                                       ; sys - uses rand()
>> ;                                       ; egd - reads from egd socket
>> ;                                       ; egd is not yet implemented
>> ;
>>
>> ; Connect to the vpn server shop.server.com
>> [lac L2TPserver]
>> lns = shop.server.com
>> require chap = yes
>> refuse pap = yes
>> require authentication = yes
>> ; Name should be the same as the username in the PPP authentication!
>> name = raub
>> ppp debug = yes
>> pppoptfile = /etc/ppp/options.l2tpd.client
>> length bit = yes
>>
>> /etc/ppp/options.l2tpd.client
>> ipcp-accept-local
>> ipcp-accept-remote
>> refuse-eap
>> noccp
>> noauth
>> crtscts
>> idle 1800
>> mtu 1410
>> mru 1410
>> nodefaultroute
>> debug
>> lock
>> #proxyarp
>> connect-delay 5000
>>
>>
>>
>>
>>> Paul
>>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>
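
A preflight check for the manual sequence quoted above, added here as an example and not part of either poster's messages: xl2tpd creates its control path as a named pipe when it starts, so if the daemon is not running, `echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control` just writes a regular file, exits 0, and no ppp0 appears. The function names and return codes are choices made for this example.

```shell
#!/bin/sh
# Added example. Function names and return codes are choices made here,
# not part of xl2tpd or Openswan.

# l2tp_preflight CONF CONTROL LAC
#   0 ok | 1 config unreadable | 2 no [lac LAC] section | 3 control is not a FIFO
l2tp_preflight() {
    conf=$1; control=$2; lac=$3

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Find an uncommented "[lac NAME]" header whose NAME matches exactly.
    if ! awk -v want="$lac" '
            /^[ \t]*;/ { next }
            /^[ \t]*\[lac[ \t]+/ {
                name = $0
                sub(/^[ \t]*\[lac[ \t]+/, "", name)
                sub(/[ \t]*\].*$/, "", name)
                if (name == want) found = 1
            }
            END { exit (found ? 0 : 1) }' "$conf"; then
        echo "no [lac $lac] section in $conf" >&2
        return 2
    fi

    # Without the daemon's FIFO, "echo ... > CONTROL" creates or overwrites
    # a regular file and exits 0, so nothing ever starts pppd.
    if [ ! -p "$control" ]; then
        echo "$control is not a FIFO; is xl2tpd running?" >&2
        return 3
    fi
    return 0
}

# Constructed demo: valid config, but a stale regular file where the FIFO
# should be. Prints the preflight return code.
l2tp_preflight_demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' '[global]' 'port = 1701' '[lac L2TPserver]' \
        'lns = shop.server.com' > "$d/xl2tpd.conf"
    echo "c L2TPserver" > "$d/l2tp-control"   # what the redirect leaves behind
    rc=0
    l2tp_preflight "$d/xl2tpd.conf" "$d/l2tp-control" L2TPserver 2>/dev/null || rc=$?
    rm -rf "$d"
    echo "$rc"
}
```

With the paths from the thread, the call before the `echo` step would be `l2tp_preflight /etc/xl2tpd/xl2tpd.conf /var/run/xl2tpd/l2tp-control L2TPserver`.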