[Openswan Users] Openswan with L2TP/IPsec
Kevin Wilson
wkevils at gmail.com
Fri Dec 17 08:18:32 EST 2010
Hello, users of Openswan,
I tried to test a simple scenario of Openswan with L2TP/IPsec (of the openl2tp project) in a lab.
I use the very simple /etc/ipsec.conf file:
version 2.0
config setup
    protostack="netkey"
conn l2tp-client
    authby=secret
    pfs=no
    type=transport
    left=192.168.0.10
    leftprotoport=17/1701
    right=192.168.0.20
    rightprotoport=17/1701
    auto=start
and I start it ok on both peers.
I create a very simple L2TP tunnel between 192.168.0.10 and 192.168.0.20 thus:
on 192.168.0.10, which is the server side, I have:
# /etc/open2ltp.conf
ppp profile modify profile_name=default auth_eap=no auth_mschapv1=no auth_mschapv2=no
tunnel profile modify profile_name=default our_udp_port=1701
on 192.168.0.20, which is the client side, I have:
# /etc/open2ltp.conf
ppp profile modify profile_name=default \
    auth_eap=no auth_mschapv1=no auth_mschapv2=no
tunnel create tunnel_name=mytunnel dest_ipaddr=192.168.0.10 \
    persist=yes
session create tunnel_name=mytunnel session_name=mysession user_name=user user_password=password
openl2tp is started on the client and the server and it is started OK.
"tunnel list", on both machines, from the l2tp shell (l2tpconfig>), shows that the tunnel is established.
I expected the traffic from 192.168.0.10 to 192.168.0.20 to be ESP encrypted, as a result of using Openswan with the /etc/ipsec.conf above, but sniffing with wireshark shows it is not. Any idea why?
Did anybody try such a scenario?
BTW, I don't see errors in the kernel syslog.
Regards,
Kevin
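
The check described in the message (is the L2TP traffic between the two peers leaving as ESP or as plain UDP/1701?) can be automated. The following is an added example, not part of the original post: it classifies raw IPv4 packets and counts them per class for the two peer addresses. The packets in SAMPLE are constructed, and 192.168.0.30 is an assumed third host used only to show filtering.

```python
import socket
import struct

ESP, UDP = 50, 17               # IP protocol numbers; 17 is the "17" in leftprotoport=17/1701
L2TP_PORT, NATT_PORT = 1701, 4500

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet (no link-layer header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == ESP:
        return "esp"
    if pkt[9] == UDP:
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        if frag_offset or ihl < 20 or len(pkt) < ihl + 4:
            return "other"      # later fragment or truncated: no UDP ports to read
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if L2TP_PORT in (sport, dport):
            return "l2tp-cleartext"
        if NATT_PORT in (sport, dport):
            return "udp-4500"   # IKE or ESP-in-UDP (NAT traversal)
    return "other"

def summarize(packets, peer_a, peer_b):
    """Count packet classes for traffic between the two peers only."""
    counts = {}
    for pkt in packets:
        kind = classify(pkt)
        if kind == "not-ipv4":
            continue
        ends = {socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])}
        if ends == {peer_a, peer_b}:
            counts[kind] = counts.get(kind, 0) + 1
    return counts

def ipv4(src, dst, proto, payload):  # builds a constructed packet, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: two cleartext L2TP packets, one ESP packet, one unrelated flow.
L2TP = struct.pack("!HHHH", 1701, 1701, 12, 0) + b"\xc8\x02\x00\x0c"
SAMPLE = [
    ipv4("192.168.0.10", "192.168.0.20", UDP, L2TP),
    ipv4("192.168.0.20", "192.168.0.10", UDP, L2TP),
    ipv4("192.168.0.10", "192.168.0.20", ESP, struct.pack("!II", 0x1000, 1) + bytes(16)),
    ipv4("192.168.0.30", "192.168.0.20", UDP, L2TP),   # third host, ignored
]

print(summarize(SAMPLE, "192.168.0.10", "192.168.0.20"))
```

Any non-zero "l2tp-cleartext" count between the peers means the transport-mode policy for UDP/1701 is not being applied to that traffic.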