[Openswan Users] Hi a problem about disconnection

Spacelee fjctlzy at gmail.com
Mon Dec 27 23:01:13 EST 2010


Sorry, I think I should reply at the bottom...

On Tue, Dec 28, 2010 at 10:47 AM, Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 28 Dec 2010, Spacelee wrote:
>
>  This is my version, should I use the newest one?
>>
>> ipsec --version
>> Linux Openswan U2.6.24rc5/K2.6.26-2-xen-amd64 (netkey)
>>
>
> That's an "rc", a "release candidate". Yes you should upgrade to the latest
> full release, 2.6.32.
>
>

I already downloaded the newest tar.gz and ran make programs install, but I
couldn't connect from the client this time; there seems to be no response
from the server (not the iptables problem)
xl2tp : 1.25
centos 5.3
xen virtual machine

It works when I use the openswan 2.6.24 rpm


These are the results:

ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                              [OK]
Linux Openswan U2.6.32/K2.6.26-2-xen-amd64 (netkey)
Checking for IPsec support in kernel                         [OK]
 SAref kernel support                                        [N/A]
 NETKEY:  Testing for disabled ICMP send_redirects           [OK]
NETKEY detected, testing for disabled ICMP accept_redirects  [OK]
Checking that pluto is running                               [OK]
 Pluto listening for IKE on udp 500                          [OK]
 Pluto listening for NAT-T on udp 4500                       [OK]
Checking for 'ip' command                                    [OK]
Checking /bin/sh is not /bin/dash                            [OK]
Checking for 'iptables' command                              [OK]
Opportunistic Encryption Support                             [DISABLED]


ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        # Enable this if you see "failed to find any available worker"
        nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf


conn L2TP-PSK-NAT
        overlapip=yes
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
#       keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=my server ip
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        dpddelay=20
        dpdtimeout=60
        dpdaction=clear




> Paul
>



-- 
*Space Lee*