[Openswan Users] Openswan and iphone L2TP/IPsec configuration example

Philipp Weirauch weirauch at checkmobile.de
Thu Nov 26 02:15:30 EST 2009


so it all works now - i forgot to restart ipsec after installing rc4 :-)
sorry for the hassle.
but - the iphone now connects fine - i see the following in the log:
Nov 26 07:55:22 vpn ip-up: FATAL: Module ip_tables not found.
Nov 26 07:55:22 vpn ip-up: FATAL: Module ip_conntrack not found.
Nov 26 07:55:23 vpn SuSEfirewall2: batch committing...
Nov 26 07:55:23 vpn SuSEfirewall2: Firewall rules successfully set
Nov 26 07:55:23 vpn /etc/ppp/ip-up.d/freeswan: this script needs to be run from ip-up or ip-down
Nov 26 07:55:23 vpn pppd[6233]: Script /etc/ppp/ip-up finished (pid 6237), status = 0x0
Nov 26 07:55:28 vpn poll.tcpip: no server configured
Nov 26 07:55:29 vpn ip-up: postqueue: fatal: Cannot flush mail queue - mail system is down

do i have to worry about that?

when i close the connection i get correct looking entries:
Nov 26 08:02:20 vpn pppd[6233]: rcvd [LCP EchoReq id=0x5 magic=0xf7cf945]
Nov 26 08:02:20 vpn pppd[6233]: sent [LCP EchoRep id=0x5 magic=0x187ebaf1]
Nov 26 08:02:24 vpn pppd[6233]: rcvd [LCP TermReq id=0x2 "User request"]
Nov 26 08:02:24 vpn pppd[6233]: LCP terminated by peer (User request)
Nov 26 08:02:24 vpn pppd[6233]: Connect time 7.1 minutes.
Nov 26 08:02:24 vpn pppd[6233]: Sent 127761 bytes, received 28605 bytes.
Nov 26 08:02:25 vpn pppd[6233]: Script /etc/ppp/ip-down started (pid 6466)

regards,
philipp


On 26.11.2009 at 06:57, Philipp Weirauch wrote:

> hi paul,
> i am using netkey and i just upgraded xl2tpd from version xl2tpd-1.2.3 to 1.2.4
> and i did set the mtu on the public interface to 1472.
> the output is the same...
> Nov 26 06:48:26 vpn pluto[19901]: "l2tp-psk"[7] 80.187.101.1 #2848: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x036e0338 <0x8258b679 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> Nov 26 06:48:28 vpn xl2tpd[5733]: get_call: allocating new tunnel for host 80.187.101.1, port 49171.
> Nov 26 06:48:28 vpn xl2tpd[5733]: control_finish: Peer requested tunnel 8 twice, ignoring second one.
> Nov 26 06:48:28 vpn xl2tpd[5733]: build_fdset: closing down tunnel 5961
> 
> what does your /etc/ppp/options.xl2tp file look like? maybe i made a mistake in there?
> some additional log info somewhere in the system?
> regards,
> philipp
> 
> 
> On 26.11.2009 at 00:18, Paul Wouters wrote:
> 
>> On Wed, 25 Nov 2009, Philipp Weirauch wrote:
>> 
>>> i used your config to connect with an iphone  - only with different ips and passwords :-)
>>> and i get the following in my /var/log/messages:
>>> 
>>> Nov 25 22:45:56 vpn pluto[19901]: "l2tp-psk"[4] 80.187.101.1 #2755: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>>> Nov 25 22:45:56 vpn pluto[19901]: "l2tp-psk"[4] 80.187.101.1 #2755: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x07bf04b4 <0x6b2e7b9d xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
>>> Nov 25 22:45:58 vpn xl2tpd[3198]: get_call: allocating new tunnel for host 80.187.101.1, port 49166.
>>> Nov 25 22:45:58 vpn xl2tpd[3198]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
>>> Nov 25 22:45:58 vpn xl2tpd[3198]: build_fdset: closing down tunnel 49666
>>> Nov 25 22:45:59 vpn xl2tpd[3198]: get_call: allocating new tunnel for host 80.187.101.1, port 49166.
>>> Nov 25 22:45:59 vpn xl2tpd[3198]: control_finish: Peer requested tunnel 3 twice, ignoring second one.
>>> Nov 25 22:45:59 vpn xl2tpd[3198]: build_fdset: closing down tunnel 26668
>>> Nov 25 22:45:59 vpn xl2tpd[3198]: network_thread: select timeout
>> 
>> Are you using NETKEY or KLIPS? In my case I was using NETKEY
>> 
>> What version of xl2tpd? I was using 1.2.4.
>> 
>> Did you set the MTU to 1472 on the public interface?
>> 
>> Paul
> 
> 
