[Openswan Users] OpenSwan + xl2tpd not working

Pete Mitchell Ghostryder at gmx.de
Wed Aug 18 02:52:59 EDT 2010


Hi Willie!

Thanks for the comment!

I've added the firewall rule although there isn't any firewall operating at the server currently... I'm completely stuck. xl2tpd is listening on address 192.168.0.22/1701 but doesn't get any requests at all :-(. 

Are there any other tests that I could do to find the fault?

Regards,
g.

-------- Original Message --------
> Date: Thu, 5 Aug 2010 15:05:54 -0600 (MDT)
> From: "Willie Gillespie" <wgillespie+openswan at es2eng.com>
> To: ghostryder at gmx.de
> CC: users at openswan.org
> Subject: Re: [Openswan Users] OpenSwan + xl2tpd not working

> I guess I should clarify:
> Openswan seems to be working fine in your case.
> In xl2tpd.conf, listen-addr should still be 192.168.0.22.
> So for some reason the traffic is not making it there.  Do you have a
> firewall rule that allows access to xl2tpd?
> Perhaps something like:
> -A INPUT -m policy --pol ipsec --dir in -p udp --dport 1701 -j ACCEPT
> (only accept traffic to xl2tpd if it's come in through an IPsec tunnel
> first)
> 
> -----Original Message-----
> From: "Willie Gillespie" <wgillespie+openswan at es2eng.com>
> Sent: Thursday, August 5, 2010 2:59pm
> To: Ghostryder at gmx.de
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] OpenSwan + xl2tpd not working
> 
> You shouldn't forward port 1701 on the NAT device or it will allow L2TP to
> work without being inside an IPsec tunnel.  Instead the traffic should be
> decoded on the Openswan box (sounds like your tunnel is fine) and just go
> to the localhost.
> 
> This document may help you as well:
> http://www.rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
> 
> Willie
> 
> -----Original Message-----
> From: Ghostryder at gmx.de
> Sent: Thursday, August 5, 2010 3:09am
> To: users at openswan.org
> Subject: [Openswan Users] OpenSwan + xl2tpd not working
> 
> Hi all,
> 
> I'm trying to set up a VPN server using OpenSwan. For the configuration
> process I've used 
> 
> http://www.jacco2.dds.nl/networking/openswan-l2tp.html
> 
> The server is running an Ubuntu system with Kernel 2.6.32. I've used
> xl2tpd again as described in the link above. It is worth mentioning that the VPN
> server is behind a NAT device (DSL router).
> 
> I've tried to connect from a Windows XP client and it seems that the IPSec
> is running fine as I'm getting the message "STATE_QUICK_R2: IPsec SA
> established transport mode". However, xl2tpd is just doing nothing. I've started
> the service using "xl2tpd -D" and it tells me that it's listening on
> 192.168.0.22/1701 which is the IP address of the VPN server behind NAT, so all
> fine. But even if the XP client tries "officially" to connect, nothing
> happens... I've tried various things but I have no clue why there is no
> traffic... On the firewall of the NAT device the ports 500, 4500 and 1701 are
> forwarded to 192.168.0.22. 
> 
> Has anyone got an idea what could be the problem?
> 
> Thanks in advance!
> Regards, hg 
> 
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

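Added example, not part of the original thread or of the Openswan/xl2tpd projects: a small audit of an iptables-save dump showing that the ACCEPT rule quoted above only restricts xl2tpd to IPsec-protected traffic when other UDP/1701 packets are dropped by a later rule or by the chain policy. The function name, the sample rulesets and the simplification noted in the comments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for cleartext L2TP exposure.
# Simplification (assumption): only INPUT rules naming "--dport 1701" and the
# INPUT chain policy are evaluated; broader catch-all rules are not modelled.

# l2tp_verdict: read an iptables-save dump on stdin and print
#   "protected" if UDP/1701 arriving outside IPsec is dropped or rejected,
#   "exposed"   if it would be accepted.
l2tp_verdict() {
    awk '
        /^:INPUT / { policy = $2 }   # chain default, e.g. ":INPUT ACCEPT [0:0]"
        /^-A INPUT / && /-p udp/ && /--dport 1701( |$)/ {
            ipsec_only = ($0 ~ /-m policy/ && $0 ~ /--pol ipsec/)
            if (ipsec_only) next     # never matches cleartext packets, keep walking
            if ($0 ~ /-j ACCEPT/) { verdict = "exposed"; exit }
            if ($0 ~ /-j (DROP|REJECT)/) { verdict = "protected"; exit }
        }
        END {
            # No terminal rule hit: the chain policy decides (kernel default is ACCEPT).
            if (verdict == "") verdict = (policy == "DROP") ? "protected" : "exposed"
            print verdict
        }
    '
}

# Constructed sample: the rule from the thread on its own, chain policy ACCEPT.
ruleset_rule_only() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m policy --pol ipsec --dir in -p udp --dport 1701 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rule followed by a drop for all other UDP/1701.
ruleset_with_drop() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m policy --pol ipsec --dir in -p udp --dport 1701 -j ACCEPT
-A INPUT -p udp --dport 1701 -j DROP
COMMIT
EOF
}

echo "rule only: $(ruleset_rule_only | l2tp_verdict)"
echo "with drop: $(ruleset_with_drop | l2tp_verdict)"
```

On a live server the same function can be fed with `iptables-save -t filter | l2tp_verdict`, which needs root.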