[Openswan Users] Trying to Get iPhone to Ubuntu VPN Working with OpenSwan

[Paul Wouters]

On Fri, 22 Apr 2011, Dan wrote:

> I'm trying to get VPN working using OpenSwan on my Ubuntu desktop so I can play mp3s off a Samba NAS drive on my iPhone over 3G.  With a fair amount of effort, I have gotten the VPN to connect and I can browse the Samba share.  But when I try to play an mp3 (and sometimes even before I get to that point), I will be disconnected.
>
> I would appreciate any assistance anyone can provide to me.  I have described all my config files and included relevant log output on the most recent post on my blog: http://www.drlongghost.com/wordpress/
>
> I'm also willing to post more detailed TCP dumps or whatnot if anyone can give me some instructions on how to do so.

- use rightprotoport=17/%any (not 17/0)
- You have an SAref patched kernel? If not, disable saref tracking in xl2tpd.conf

but your real problem is:

listen-addr = 192.168.1.10

[lns default]
ip range = 192.168.1.1-192.168.1.254
lac = 192.168.1.1 - 192.168.1.254        ; * These can connect as LAC's
local ip = 192.168.1.10

You are assigning l2tp addresses in the same range as your LAN. 
That's wrong. listen-addr is never the same as local ip. It cannot
be, because one tunnels the other.

Make up a new range, and ensure that new range can reach your stuff on 192.168.1.0/24

eg:

listen-addr = 192.168.1.10

[lns default]
ip range = 10.42.42.17-10.42.42.31
local ip = 10.42.42.1

and in /etc/ppp/chap-secrets something like

username   *         "password" 10.42.42.16/28
*          username  "password" 10.42.42.16/28

Paul