[Openswan Users] OpenSwan + xl2tpd not working

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Aug 5 17:05:54 EDT 2010


I guess I should clarify:
Openswan seems to be working fine in your case.
In xl2tpd.conf, listen-addr should still be 192.168.0.22.
So for some reason the traffic is not making it there.  Do you have a firewall rule that allows access to xl2tpd?
Perhaps something like:
-A INPUT -m policy --pol ipsec --dir in -p udp --dport 1701 -j ACCEPT
(only accept traffic to xl2tpd if it's come in through an IPsec tunnel first)

-----Original Message-----
From: "Willie Gillespie" <wgillespie+openswan at es2eng.com>
Sent: Thursday, August 5, 2010 2:59pm
To: Ghostryder at gmx.de
Cc: users at openswan.org
Subject: Re: [Openswan Users] OpenSwan + xl2tpd not working

You shouldn't forward port 1701 on the NAT device or it will allow L2TP to work without being inside an IPsec tunnel.  Instead the traffic should be decoded on the Openswan box (sounds like your tunnel is fine) and just go to the localhost.

This document may help you as well:
http://www.rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html

Willie

-----Original Message-----
From: Ghostryder at gmx.de
Sent: Thursday, August 5, 2010 3:09am
To: users at openswan.org
Subject: [Openswan Users] OpenSwan + xl2tpd not working

Hi all,

I'm trying to set up a VPN server using OpenSwan. For the configuration process I've used 

http://www.jacco2.dds.nl/networking/openswan-l2tp.html

The server is running an Ubuntu system with Kernel 2.6.32. I've used xl2tpd again as described in the link above. It is worth mentioning that the VPN server is behind a NAT device (DSL router).

I've tried to connect from a Windows XP client and it seems that the IPSec is running fine as I'm getting the message "STATE_QUICK_R2: IPsec SA established transport mode". However, xl2tpd is just doing nothing. I've started the service using "xl2tpd -D" and it tells me that it's listening on 192.168.0.22/1701 which is the IP address of the VPN server behind NAT, so all fine. But even if the XP client tries "officially" to connect nothing happens... I've tried various things but I have no clue why there is no traffic... On the firewall of the NAT device the ports 500, 4500 and 1701 are forwarded to 192.168.0.22.

Has anyone got an idea what could be the problem?

Thanks in advance!
Regards, hg 


_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
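
The firewall rule suggested in the reply above, turned into a check (an added example, not part of the original thread): a shell function that reads `iptables-save` output and flags any INPUT rule accepting UDP 1701 without the `-m policy --pol ipsec --dir in` match. The two rulesets are constructed samples and `audit_l2tp` is a hypothetical name.

```shell
#!/bin/sh
# Constructed sample rulesets in iptables-save format (not from the thread).
WEAK_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
COMMIT'

FIXED_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -m policy --pol ipsec --dir in -p udp --dport 1701 -j ACCEPT
COMMIT'

# audit_l2tp (hypothetical helper): reads iptables-save text on stdin and
# prints one verdict per INPUT rule that accepts udp/1701.
# Returns 1 if any such rule lacks the inbound IPsec policy match.
# Limits: only literal "--dport 1701" rules are examined; port ranges,
# multiport matches and a default-ACCEPT chain policy are not.
audit_l2tp() {
    awk '
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /-p udp/ && /--dport 1701( |$)/ {
        found = 1
        if ($0 ~ /-m policy/ && $0 ~ /--pol ipsec/ && $0 ~ /--dir in/) {
            print "OK      " $0
        } else {
            print "EXPOSED " $0
            bad = 1
        }
    }
    END {
        if (!found) print "NONE    no INPUT rule accepts udp/1701"
        exit (bad ? 1 : 0)
    }'
}

# Demo on the constructed samples; on a live host, pipe in `iptables-save`.
printf '%s\n' "$WEAK_RULES"  | audit_l2tp || true
printf '%s\n' "$FIXED_RULES" | audit_l2tp
```

This checks the host firewall on the Openswan box only; the port forward on the NAT device is configured separately.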





