[Openswan Users] Trying to Get iPhone to Ubuntu VPN Working with OpenSwan

Dan dan24678 at yahoo.com
Sat Apr 23 09:14:23 EDT 2011


Paul,

Thank you very much for your prompt and helpful response.

I made the three changes you suggested and it is actually working now!  This is so gratifying after investing so much time in this to have finally gotten it working.

I do have a couple of follow-up questions that I'm hoping you can help me with:

1) It takes 40 seconds to download a 3.1 MB mp3. Once I get around to setting up media streaming, I think this will be fast enough, but I'm wondering if there's any way to speed it up.  Should I raise the xl2tpd's MTU setting?  Or would that cause problems?  Maybe 3 MB per 40 seconds is as fast as AT&T 3G gets. I'm not too sure.

2) I have all along been experiencing the behavior in OpenSwan that I think is a documented bug:  When I disconnect my iPhone from the VPN, I need to restart it with /etc/init.d/ipsec restart before I'm able to reconnect.  Is there a known fix to this?  I actually have an idea on how I can set up a password-protected URL to remotely restart it, so in a pinch, I can get that working, but obviously a proper fix would be ideal.

Thanks again for your help.
-Dan

--- On Fri, 4/22/11, Paul Wouters <paul at xelerance.com> wrote:

> From: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] Trying to Get iPhone to Ubuntu VPN Working with OpenSwan
> To: "Dan" <dan24678 at yahoo.com>
> Cc: users at openswan.org
> Date: Friday, April 22, 2011, 4:45 PM
> On Fri, 22 Apr 2011, Dan wrote:
> 
> > I'm trying to get VPN working using OpenSwan on my
> Ubuntu desktop so I can play mp3s off a Samba NAS drive on
> my iPhone over 3G.  With a fair amount of effort, I
> have gotten the VPN to connect and I can browse the Samba
> share.  But when I try to play an mp3 (and sometimes
> even before I get to that point), I will be disconnected.
> >
> > I would appreciate any assistance anyone can provide
> to me.  I have described all my config files and
> included relevant log output on the most recent post on my
> blog: http://www.drlongghost.com/wordpress/
> >
> > I'm also willing to post more detailed TCP dumps or
> whatnot if anyone can give me some instructions on how to do
> so.
> 
> - use rightprotoport=17/%any (not 17/0)
> - You have an SAref patched kernel? If not, disable saref
> tracking in xl2tpd.conf
> 
> but your real problem is:
> 
> listen-addr = 192.168.1.10
> 
> [lns default]
> ip range = 192.168.1.1-192.168.1.254
> lac = 192.168.1.1 - 192.168.1.254     
>   ; * These can connect as LAC's
> local ip = 192.168.1.10
> 
> You are assigning l2tp addresses in the same range as your LAN.
> That's wrong. listen-addr is never the same as local ip. It cannot
> be, because one tunnels the other.
> 
> Make up a new range, and ensure that new range can reach
> your stuff on 192.168.1.0/24
> 
> eg:
> 
> listen-addr = 192.168.1.10
> 
> [lns default]
> ip range = 10.42.42.17-10.42.42.31
> local ip = 10.42.42.1
> 
> and in /etc/ppp/chap-secrets something like
> 
> username   *          "password" 10.42.42.16/28
> *          username   "password" 10.42.42.16/28
> 
> Paul
> 

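The two configuration mistakes Paul points out above (an L2TP pool that overlaps the LAN, and local ip equal to listen-addr) are easy to catch mechanically. The following checker is an added example, not code from this thread or from xl2tpd; it assumes the LAN is 192.168.1.0/24 as in the original post, reads only the keys quoted above, and also confirms that the chap-secrets netmask actually covers the assigned pool.

```python
import ipaddress

# Constructed samples: the "before" and "after" xl2tpd.conf fragments quoted in the thread.
BROKEN_CONF = """
listen-addr = 192.168.1.10
[lns default]
ip range = 192.168.1.1-192.168.1.254
lac = 192.168.1.1 - 192.168.1.254
  ; * These can connect as LAC's
local ip = 192.168.1.10
"""
FIXED_CONF = """
listen-addr = 192.168.1.10
[lns default]
ip range = 10.42.42.17-10.42.42.31
local ip = 10.42.42.1
"""

def parse_conf(text):
    """Collect 'key = value' lines into a dict (section headers and ; comments ignored)."""
    conf = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, val = (s.strip() for s in line.split("=", 1))
            conf[key] = val
    return conf

def pool_networks(conf):
    """The 'ip range' expressed as a list of networks (may span several prefixes)."""
    lo, hi = (ipaddress.ip_address(s.strip()) for s in conf["ip range"].split("-"))
    return list(ipaddress.summarize_address_range(lo, hi))

def check_pool(text, lan_cidr="192.168.1.0/24"):
    """Return a list of problems; an empty list means the pool layout is sane."""
    conf = parse_conf(text)
    lan = ipaddress.ip_network(lan_cidr)
    listen = ipaddress.ip_address(conf["listen-addr"])
    local = ipaddress.ip_address(conf["local ip"])
    problems = []
    if local == listen:
        problems.append("local ip equals listen-addr")
    if local in lan or any(n.overlaps(lan) for n in pool_networks(conf)):
        problems.append("l2tp pool overlaps LAN " + lan_cidr)
    return problems

def chap_secret_covers_pool(text, secret_cidr):
    """True if the chap-secrets network (e.g. 10.42.42.16/28) contains every pool address."""
    net = ipaddress.ip_network(secret_cidr)
    return all(n.subnet_of(net) for n in pool_networks(parse_conf(text)))
```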