[Openswan Users] Openswan 2.6.28 as an internet gateway not working help

Adam Crane atcapollo at hotmail.com
Wed Nov 17 05:24:40 EST 2010


Hi, I had a thread back in October around setting up Openswan with Android using L2TP and IPSEC.
 
I've since got the IPsec VPN connection fully working between my Android phone and Ubuntu box, with the exception that once the VPN is connected I seem to lose internet access on the Android device. I am looking to tunnel the Android internet access through the VPN and Ubuntu box to the internet, securing my internet sessions when I am on public wi-fi.
 
I suspect that I have an issue with my routing / NAT traversal which is disrupting the internet queries from my Android phone. Can someone advise how I can diagnose the issue?
 
The Android device is not rooted so using a Shell is impossible, hence tracing my network traffic from the handset has proven difficult. There may be something obviously wrong in my ipsec config files:
 
Setup
====
Ubuntu 10.04
Openswan 2.6.28
xl2tpd 1.2.7
Google Nexus One with Android 2.2.1 using an IPsec PSK tunnel and the 
l2tp secret not enabled.


 
###############################################################################
/etc/ipsec.conf
###############################################################################
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

# Declares which revision of the ipsec.conf format this file follows.
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
# "config setup" holds daemon-wide options; per-connection options live in "conn" sections.
config setup
         # Enable NAT traversal support (IPsec carried over UDP) for peers behind NAT.
         nat_traversal=yes
         # Address ranges a NATed client is allowed to present as its own internal address.
         # NOTE(review): 192.168.0.0/16 also covers 192.168.1.x, the network this gateway's
         # left= address is on. Openswan's documentation recommends excluding the gateway's
         # own LAN with a negated entry of the form %v4:!<server-LAN-CIDR>, so a client
         # cannot claim an address that belongs to the protected side.
         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
         # Opportunistic encryption disabled; only explicitly configured conns are used.
         oe=off
         # Use the kernel's native (NETKEY) IPsec stack.
         protostack=netkey
         # 0 = pluto performs cryptographic operations itself instead of starting helper processes.
         nhelpers=0

# Connection definition for L2TP-over-IPsec road-warrior clients.
conn L2TP
         # Pre-shared-key authentication; the key itself is read from ipsec.secrets (not shown here).
         # NOTE(review): combined with right=%any, the PSK is effectively a group secret shared by
         # every client, so its strength and the PPP/CHAP login are the only access controls.
         authby=secret
         # Load the connection at startup and wait for clients to initiate it.
         auto=add
         # Do not ask for Perfect Forward Secrecy on the IPsec SA.
         # NOTE(review): commonly set for L2TP clients that do not propose PFS; confirm whether
         # the clients in use can negotiate it before leaving it off.
         pfs=no
         # Transport mode: IPsec protects only the host-to-host traffic selected by the
         # protoport lines below (the L2TP session), not whole subnets.
         type=transport
         # This end never initiates rekeying; the client is left to do so.
         rekey=no

         # Local (gateway) address and its next hop.
         # NOTE(review): left is an RFC 1918 address, so the gateway presumably sits behind the
         # router named in leftnexthop; that router would then have to pass the IKE/NAT-T
         # traffic through to this host. Confirm against the router configuration.
         left=192.168.1.100
         leftnexthop=192.168.1.1
         # Restrict the SA to IP protocol 17 (UDP), port 1701 (L2TP).
         leftprotoport=17/1701

         # Accept clients from any source address.
         right=%any
         # Accept clients that are not behind NAT (%no) or that are behind NAT with an
         # internal address inside the virtual_private ranges (%priv).
         rightsubnet=vhost:%no,%priv
         rightprotoport=17/1701
         # Always use UDP encapsulation for ESP, even when no NAT is detected.
         forceencaps=yes


###############################################################################
/etc/xl2tpd/xl2tpd.conf
###############################################################################
; Daemon-wide xl2tpd settings.
; NOTE(review): nothing in this file ties L2TP to IPsec. Unless a firewall rule only admits
; UDP 1701 traffic that arrived through an IPsec SA, the L2TP service is also reachable
; unencrypted from whatever networks can reach this host.
[global]
; SAref tracking disabled.
ipsec saref = no
; File holding the CHAP credentials used to authenticate clients.
auth file = /etc/ppp/chap-secrets
; UDP port xl2tpd listens on (the standard L2TP port).
port = 1701
; Verbose debugging for every subsystem.
; NOTE(review): useful while troubleshooting, but it puts per-packet and negotiation detail
; into the system logs; turn these off again once the tunnel works.
debug tunnel = yes
debug avp = yes
debug packet = yes
debug network = yes
debug state = yes

; Default L2TP Network Server definition: what each connecting client is given.
[lns default]
; Pool of five addresses handed to clients.
; NOTE(review): the pool lies inside the same 192.168.1.x network as the gateway itself;
; make sure it does not overlap addresses handed out by the LAN's DHCP server.
ip range = 192.168.1.51-192.168.1.55
; Address used for the server end of each PPP link.
local ip = 192.168.1.50
; Require CHAP and refuse PAP, so the password is never sent in the clear inside the tunnel.
require chap = yes
refuse pap = yes
; The peer must authenticate before the PPP link is brought up.
require authentication = yes
; Name this server uses during authentication.
name = Zebedee
; Enable pppd debugging for sessions started by xl2tpd.
ppp debug = yes
; pppd options file applied to every session.
pppoptfile = /etc/ppp/options.xl2tpd
; Set the length bit in L2TP payload packets.
length bit = yes


###############################################################################
/etc/ppp/chap-secrets
###############################################################################
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
# NOTE(review): the wildcards mean any client name, against any server name, from any
# address is accepted with this single secret. "testpass" reads like a test value; for
# real use, list named clients with strong individual secrets and keep this file
# readable by root only.
*  *  "testpass"  *


###############################################################################
/etc/ppp/options.xl2tpd
###############################################################################
# pppd options applied to every L2TP session started by xl2tpd.
# Accept the peer's idea of the local and remote IP addresses during IPCP.
# NOTE(review): ipcp-accept-remote lets the client propose its own address instead of the
# one assigned from the xl2tpd pool; together with proxyarp below, confirm this is needed.
ipcp-accept-local
ipcp-accept-remote
# Do not negotiate CCP (PPP compression).
noccp
# Require the peer to authenticate itself.
auth
# Hardware flow control; left disabled.
#crtscts
# Drop the link after 1800 seconds without traffic.
idle 1800
# Reduced MTU/MRU, presumably to leave room for the L2TP and IPsec encapsulation overhead.
mtu 1410
mru 1410
# Do not install a default route on this host through the PPP link.
nodefaultroute
# Enable pppd connection debugging.
debug
# Create a UUCP-style lock file for the device.
lock
# Add a proxy-ARP entry on the server's LAN so the client appears as a local host.
# NOTE(review): for clients to reach anything beyond this host, IP forwarding must be
# enabled on the gateway; no forwarding or NAT configuration is shown on this page.
proxyarp
# Wait up to 5000 ms for a valid PPP packet from the peer.
connect-delay 5000
# DNS server address pushed to the client.
ms-dns 192.168.1.1

 		 	   		  