[Openswan Users] Hi a problem about disconnection

Spacelee fjctlzy at gmail.com
Tue Dec 28 01:16:35 EST 2010


On Tue, Dec 28, 2010 at 12:01 PM, Spacelee <fjctlzy at gmail.com> wrote:

> Sorry, I think I should reply at the bottom...
>
> On Tue, Dec 28, 2010 at 10:47 AM, Paul Wouters <paul at xelerance.com> wrote:
>
>> On Tue, 28 Dec 2010, Spacelee wrote:
>>
>>  This is my version, should I use the newest one?
>>>
>>> ipsec --version
>>> Linux Openswan U2.6.24rc5/K2.6.26-2-xen-amd64 (netkey)
>>>
>>
>> That's an "rc", a "release candidate". Yes you should upgrade to the latest
>> full release, 2.6.32.
>>
>>
>
> I already downloaded the newest tar.gz and ran make programs install, but I
> couldn't connect from the client this time; there seems to be no response
> from the server (not an iptables problem).
> xl2tp : 1.25
> centos 5.3
> xen virtual machine
>
> It works when I use the Openswan 2.6.24 rpm.
>
>
> These are the results:
>
> ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                              [OK]
> Linux Openswan U2.6.32/K2.6.26-2-xen-amd64 (netkey)
> Checking for IPsec support in kernel                         [OK]
>  SAref kernel support                                        [N/A]
>  NETKEY:  Testing for disabled ICMP send_redirects           [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects  [OK]
> Checking that pluto is running                               [OK]
>  Pluto listening for IKE on udp 500                          [OK]
>  Pluto listening for NAT-T on udp 4500                       [OK]
> Checking for 'ip' command                                    [OK]
> Checking /bin/sh is not /bin/dash                            [OK]
> Checking for 'iptables' command                              [OK]
> Opportunistic Encryption Support                             [DISABLED]
>
>
> ipsec.conf
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
>         # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>         protostack=netkey
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>         oe=off
>         # Enable this if you see "failed to find any available worker"
>         nhelpers=0
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> include /etc/ipsec.d/*.conf
>
>
> conn L2TP-PSK-NAT
>         overlapip=yes
>         rightsubnet=vhost:%priv
>         also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>         authby=secret
>         pfs=no
>         auto=add
> #       keyingtries=3
>         rekey=no
>         ikelifetime=8h
>         keylife=1h
>         type=transport
>         left=my server ip
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         dpddelay=20
>         dpdtimeout=60
>         dpdaction=clear
>
>
>
>



I have it working now; the problem was that there was no newline at the end of
the configuration.
But it seems the parameters below still don't work when I unplug the
Ethernet. The server won't tell RADIUS that the client is no longer
there.

        dpddelay=20
        dpdtimeout=60
        dpdaction=clear


>  Paul
>>
>
>
>
> --
> *Space Lee*
>
>


-- 
*Space Lee*
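
The poster above traces the failed connection to a configuration file with no newline at its end. The following is an added example, not part of the original message or of Openswan: a shell check that walks a main ipsec.conf plus the files matched by its `include` lines and reports any that lack a final newline. The function names are hypothetical, and it assumes include patterns and paths contain no whitespace and that nested includes need not be followed.

```shell
#!/bin/sh
# Added example: find Openswan config files whose last line has no newline.

# Return 0 if the file is non-empty and its final byte is not a newline.
missing_final_newline() {
    [ -s "$1" ] || return 1
    # Command substitution strips a trailing newline, so a non-empty
    # result means the last byte is some other character.
    [ -n "$(tail -c 1 < "$1")" ]
}

# Print the main file, then every regular file matched by its include lines.
# Assumption: one pattern per include line, no whitespace in the pattern.
list_conf_files() {
    printf '%s\n' "$1"
    awk '$1 == "include" && NF >= 2 { print $2 }' "$1" |
    while read -r pattern; do
        for f in $pattern; do          # unquoted on purpose: expand the glob
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Report each file lacking a final newline.
# Exit status: 0 if every file is fine, 1 if any needs fixing.
check_conf_tree() {
    bad=0
    for f in $(list_conf_files "$1"); do
        if missing_final_newline "$f"; then
            printf 'no newline at end of file: %s\n' "$f"
            bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use: pass the main configuration file as the first argument.
if [ "$#" -gt 0 ]; then
    check_conf_tree "$1"
fi
```

A reported file can be repaired by appending a single newline to it before restarting the service.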