[Openswan Users] Problems with l2tp/ipsec

Mauricio Tavares raubvogel at gmail.com
Tue Jun 23 07:32:12 EDT 2009


Paul Wouters wrote:
> On Sun, 21 Jun 2009, Mauricio Tavares wrote:
> 
>>     That is what I installed. About starting the ppp daemon and creating
>> ppp0 I thought I could do so (at least until satisfied it works when I
>> do manually) by
>>
>> /etc/init.d/ipsec restart
>> ipsec auto --up l2tpTest
>> echo "c L2TPserver" > /var/run/xl2tpd/l2tp-control
> 
> Is xl2tpd running? Did you configure it? What do the logs say?
> 
>> route add -net 0.0.0.0 dev ppp0
> 
> This should not be necessary.
>
	Understood. But right now, once I got it running it did not add any 
route to my table. Knowing the subnet being provided by the server is 
192.168.5.0/24, I ended up doing

route add -net 192.168.5.0 dev ppp0

I still have to figure out why it is ignoring the vlan dns, but it is 
progress.

>> [global]                                ; Global parameters:
>>    port = 1701                          ; * Bind to port 1701
>>    listen-addr = 127.0.0.1
> 
> Are you doing port forwarding from your public ip to 127.0.0.1?
> 
	I see your point. I guess I should do port forwarding to the ip 
assigned by the openswan server to my laptop. Problem is I do not know 
what it is. So, I commented out the listen-addr entry, which I guess 
means it will now listen to everyone (0.0.0.0).

>> ; Connect to the vpn server shop.server.com
>> [lac L2TPserver]
> 
> You don't need a lac section if you use xl2tpd as a daemon on
> the openswan server.
>
	Could you elaborate on that? I was able to get it to work but only with 
the lac session.

>> lns = shop.server.com
>> require chap = yes
>> refuse pap = yes
>> require authentication = yes
>> ; Name should be the same as the username in the PPP authentication!
>> name = raub
> 
> You don't need a name setting. Just use /etc/ppp/chaps.secret for all
> the names, passwords and ip addresses.
> 
	You know, I googled and googled and just could not find any info on 
chaps.secret. I know, shame on me...

> Are you trying to set up incoming l2tp/ipsec or outgoing l2tp/ipsec? I
> am confused here.
> 
> For more example configs, see openswan-2.6.x/testing/pluto/*l2tp*
> 
> Paul


