[Openswan Users] Openswan and iphone L2TP/IPsec configuration example
paul at xelerance.com
Wed Nov 25 11:44:31 EST 2009
On Wed, 25 Nov 2009, Alexander Damhuis wrote:
>> Why not use L2TP? People are using that on their iphones to Openswan without
> I was trying exactly that and I am failing with the L2TP portion of it right now. Can you point me to useful info, configuration examples, or someone I could ask for examples?
> That would be very kind.
Below is my ipsec.conf using PSK and xl2tpd.conf. This is using Openswan 2.6.24rc2 with NETKEY.

[global]
listen-addr = 220.127.116.11
debug tunnel = yes

[lns default]
ip range = 18.104.22.168-22.214.171.124
local ip = 126.96.36.199
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd is stock xl2tpd with only the nameservers changed.
Note that my public IP/interface is 188.8.131.52, and my "internal network"
is 184.108.40.206/24. Most people will use RFC1918 where I have 193.111.228.x.
# Secrets for authentication using PAP
# client server secret IP addresses
test * "test" 220.127.116.11
* test "test" 18.104.22.168
test1 * "test" 22.214.171.124/25
* test1 "test" 126.96.36.199/25
test2 * "test" 188.8.131.52/25
* test2 "test" 184.108.40.206/25
My public interface (220.127.116.11) is set to have an MTU of 1472.
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
That should get anyone going with a simple PSK/L2TP setup.
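
Added example (not part of the original post, and not Openswan or xl2tpd project code): a small audit of the two files the message shows, checking that every LNS section enforces the authentication options used above and that chap-secrets entries do not use the account name as the secret. The sample inputs are constructed with RFC 5737 addresses, and the 16-character minimum and the function names are assumptions.

```python
import configparser
import shlex

# Authentication options the post's LNS section sets to "yes".
REQUIRED_LNS = ("require chap", "refuse pap", "require authentication")

def audit_xl2tpd(conf_text):
    """Flag [lns ...] sections where a required auth option is not 'yes'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("lns"):
            continue  # [global] and other sections carry no auth options
        for key in REQUIRED_LNS:
            got = cp.get(section, key, fallback=None)
            if (got or "").strip().lower() != "yes":
                findings.append(f"[{section}] {key} = {got!r}, expected 'yes'")
    return findings

def audit_chap_secrets(secrets_text, min_len=16):  # min_len is an assumed policy
    """Flag secrets equal to an account name, short secrets, wildcard addresses."""
    findings = []
    for n, line in enumerate(secrets_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # strips quotes and # comments
        if len(fields) < 3:
            continue  # blank line, comment, or malformed entry
        client, server, secret, addrs = fields[0], fields[1], fields[2], fields[3:]
        name = server if client == "*" else client
        if secret in (client, server):
            findings.append(f"line {n}: secret for {name} equals the account name")
        elif len(secret) < min_len:
            findings.append(f"line {n}: secret for {name} shorter than {min_len}")
        if "*" in addrs:
            findings.append(f"line {n}: {name} is allowed any IP address")
    return findings

# Constructed samples, not the poster's files.
SAMPLE_CONF = """\
[global]
listen-addr = 192.0.2.1
[lns default]
ip range = 198.51.100.10-198.51.100.20
require chap = yes
require authentication = yes
"""
SAMPLE_SECRETS = """\
# client server secret IP addresses
test * "test" 198.51.100.10
* test "test" 198.51.100.10
alice * "correct-horse-battery-staple-42" *
"""
```

On the constructed samples this reports the missing `refuse pap` in `[lns default]`, the two `test`/`"test"` entries, and the wildcard address on the last line.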