[Openswan Users] Hi a problem about disconnection
Spacelee
fjctlzy at gmail.com
Tue Dec 28 01:16:35 EST 2010
On Tue, Dec 28, 2010 at 12:01 PM, Spacelee <fjctlzy at gmail.com> wrote:
> Sorry, I think I should reply at the bottom...
>
> On Tue, Dec 28, 2010 at 10:47 AM, Paul Wouters <paul at xelerance.com> wrote:
>
>> On Tue, 28 Dec 2010, Spacelee wrote:
>>
>>> This is my version, should I use the newest one?
>>>
>>> ipsec --version
>>> Linux Openswan U2.6.24rc5/K2.6.26-2-xen-amd64 (netkey)
>>>
>>
>> That's an "rc", a "release candidate". Yes you should upgrade to the
>> latest full release, 2.6.32.
>>
>>
>
> I already downloaded the newest tar.gz and ran make programs install, but I
> couldn't connect from the client this time; there seems to be no response
> from the server (not the iptables problem).
> xl2tp : 1.25
> centos 5.3
> xen virtual machine
>
> it's working when I use the openswan 2.6.24 rpm
>
>
> this is the results
>
> ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.32/K2.6.26-2-xen-amd64 (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
>
>
> ipsec.conf
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>         # Debug-logging controls: "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
>         # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>         protostack=netkey
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>         oe=off
>         # Enable this if you see "failed to find any available worker"
>         nhelpers=0
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> include /etc/ipsec.d/*.conf
>
>
> conn L2TP-PSK-NAT
>         overlapip=yes
>         rightsubnet=vhost:%priv
>         also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>         authby=secret
>         pfs=no
>         auto=add
>         # keyingtries=3
>         rekey=no
>         ikelifetime=8h
>         keylife=1h
>         type=transport
>         left=my server ip
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         dpddelay=20
>         dpdtimeout=60
>         dpdaction=clear
>
>
>
>
I made it work now; the problem was that there was no newline at the end of
the configuration.
But it seems the parameters below still don't work when I unplug the
ethernet. The server won't tell RADIUS that the client is no longer
there.
dpddelay=20
dpdtimeout=60
dpdaction=clear
> Paul
>>
>
>
>
> --
> *Space Lee*
>
>
--
*Space Lee*
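
The fix reported in this message was adding the newline that was missing at the end of the configuration. The check below is an added example, not part of the original post or of Openswan: it lists an ipsec.conf plus the files matched by its `include` lines and reports any that do not end in a newline. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ipsec.conf-style files that lack a final newline.
# Function names and the sample files are constructed for illustration.

# Succeed if the file is empty or its last byte is a newline.
ends_with_newline() {
    # $(...) strips a trailing newline, so any output left over means
    # the last byte is something else.
    [ ! -s "$1" ] || [ -z "$(tail -c 1 "$1")" ]
}

# Print the file plus every file matched by its top-level "include" lines
# (one level deep; paths containing whitespace are not handled).
list_conf_files() {
    printf '%s\n' "$1"
    sed -n 's/^include[[:space:]]\{1,\}\([^#[:space:]]*\).*/\1/p' "$1" |
    # "|| [ -n ... ]" keeps a last line that itself has no newline.
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        for f in $pattern; do   # unquoted on purpose: expand the glob
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Print each file lacking a final newline; return 1 if any was found.
check_ipsec_conf() {
    bad=0
    for f in $(list_conf_files "$1"); do
        if ! ends_with_newline "$f"; then
            printf 'missing final newline: %s\n' "$f"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: a main file that ends correctly and an included
# connection file whose last line (dpdaction=clear) has no newline.
make_sample() {
    mkdir -p "$1/ipsec.d"
    printf 'version 2.0\nconfig setup\n\tprotostack=netkey\ninclude %s/ipsec.d/*.conf\n' "$1" > "$1/ipsec.conf"
    printf 'conn L2TP-PSK-noNAT\n\tdpddelay=20\n\tdpdtimeout=60\n\tdpdaction=clear' > "$1/ipsec.d/l2tp.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
check_ipsec_conf "$demo/ipsec.conf" || echo "fix the files listed above"
rm -rf "$demo"
```

Run against a real installation as `check_ipsec_conf /etc/ipsec.conf` before restarting the service; a non-zero return means at least one file needs a newline appended.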