[Openswan Users] Windows client L2TP/IPSec failed to connect via openswan 2.6.34 + saref + RADIUS

John Mok jmok at attglobal.net
Sat Jul 9 00:03:23 EDT 2011


Hi,

I succeeded in applying the SAREF patches to kernel 2.6.34 on Ubuntu 10.04 in 
KLIPS mode and got it running in KLIPS-NG mode. However, the Windows client 
failed to connect with error no. 792.

xl2tpd, run in debug mode (-D), showed no activity, and the RADIUS 
server received no request from the VPN gateway.

Note :
External IP of VPN server : 61.14.130.25
Internal IP of VPN server : 10.144.1.250
IP of RADIUS server : 10.144.1.25

I hope someone can help if there is anything wrong with my 
configuration, and point me to how to isolate the problem.

Thanks a lot.

John Mok

==== begin of ipsec.conf ===
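# Openswan 2.6.x: Windows L2TP/IPsec clients in transport mode, authenticated
# with X.509 certificates; the L2TP/PPP layer itself is handled by xl2tpd.
config setup
	dumpdir=/var/run/pluto/
	# Ranges a roaming (NAT'd) client may claim as its virtual address. The
	# server's own LAN is excluded so a client cannot claim an address on it.
	# Fixed: the exclusion was written with the prefix "%4:" instead of
	# "%v4:", so the entry was malformed and the 10.144.1.0/24 exclusion
	# could not be relied on.
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.144.1.0/24
	# No opportunistic encryption.
	oe=off
	# NOTE(review): xl2tpd's "ipsec saref = yes" relies on the SAref-capable
	# KLIPS-NG/MAST stack; "auto" may select NETKEY if that module is loaded.
	# Pin the stack the SAref patch provides (e.g. protostack=mast) and check
	# the result with "ipsec verify" — confirm against the SAref notes that
	# ship with the patched openswan tree.
	protostack=auto

# Road-warrior L2TP/IPsec connection: both sides authenticate with a certificate.
# The client-side error 792 is raised at the IKE/IPsec stage (as far as I
# recall, "security negotiation timed out"), which matches xl2tpd and RADIUS
# seeing nothing at all; read pluto's log for the client's IKE exchange before
# looking at the L2TP and RADIUS layers.
conn l2tp-X.509
	# Mutual RSA-signature (certificate) authentication.
	authby=rsasig
	# The built-in Windows client does not offer PFS for the quick-mode SA.
	pfs=no
	# Load the conn and wait for the client; the server never initiates.
	auto=add
	# Leave rekeying to the client.
	rekey=no
	ikelifetime=8h
	keylife=1h
	# L2TP/IPsec is negotiated in transport mode, not tunnel mode.
	type=transport
	left=61.14.130.25
	# Server identity and public key are taken from the certificate below.
	leftid=%fromcert
	leftrsasigkey=%cert
	leftcert=oslo-cert.pem
	# Only protect UDP 1701 (L2TP) on the server side.
	leftprotoport=17/1701
	# Any client address; identity comes from the presented certificate,
	# which must be issued by the same CA as the server's own certificate.
	right=%any
	rightid=%fromcert
	rightca=%same
	rightrsasigkey=%cert
	# The client's source port is unrestricted (it changes behind NAT).
	rightprotoport=17/%any
	# Accept a NAT'd client claiming a private virtual address drawn from
	# virtual_private, or a client with no virtual address at all.
	rightsubnet=vhost:%priv,%no

# Let all other traffic on the external interface pass in the clear. Commonly
# paired with KLIPS so the L2TP conn's catch-all route does not capture
# unrelated traffic — worth re-checking with "ipsec eroute" if in doubt.
conn passthrough-for-non-l2tp
	type=passthrough
	left=61.14.130.25
	leftnexthop=61.14.130.1
	right=0.0.0.0
	rightsubnet=0.0.0.0/0
	auto=route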

=== end of ipsec.conf ===

=== begin of xl2tpd.conf ===
  ; xl2tpd: L2TP server (LNS) sitting behind the openswan transport-mode SA.
  [global]
  ; Standard L2TP port; matches leftprotoport=17/1701 in ipsec.conf.
  port = 1701
  ; Bind each L2TP tunnel to the IPsec SA it arrived over (SAref), so two
  ; NAT'd clients sharing one public address are kept apart. Requires the
  ; SAref-patched kernel and the matching openswan stack — see protostack in
  ; ipsec.conf.
  ipsec saref = yes

  [lns default]
  ; Address pool handed to clients (four addresses) and the server-side PPP
  ; address; the pool lies inside the server's own 10.144.1.0/24 LAN.
  ip range = 10.144.1.246-10.144.1.249
  local ip = 10.144.1.250
  ; Send the optional length field in L2TP data packets (commonly set for
  ; Windows clients).
  length bit = yes
  ; PPP authentication is mandatory: CHAP only, plaintext PAP refused.
  require chap = yes
  refuse pap = yes
  require authentication = yes
  name = oslo
  ; Verbose PPP logging while troubleshooting; turn off once the link is up.
  ppp debug = yes
  pppoptfile = /etc/ppp/options.xl2tpd
=== end of xl2tpd.conf ===

=== begin of options.xl2tpd ===

# pppd options used by xl2tpd for every L2TP session (pppoptfile in xl2tpd.conf).
# Accept the peer's proposals for the addresses on both ends of the PPP link.
ipcp-accept-local
ipcp-accept-remote
# DNS/WINS servers pushed to the client. Each pair repeats the same address,
# so the secondary is identical to the primary — harmless, but a second
# server is presumably the intent.
ms-dns 10.144.1.45
ms-dns 10.144.1.45
ms-wins 10.144.1.15
ms-wins 10.144.1.15
# No compression control protocol; IPsec already provides the encryption.
noccp
# Require the peer to authenticate; the radius plugin below performs the check.
auth
# Hardware flow control — no effect on the pseudo-tty xl2tpd hands to pppd.
crtscts
# Drop the session after 30 minutes idle.
idle 1800
# Keep the PPP MTU/MRU below the path MTU once L2TP, UDP and IPsec headers
# are added.
mtu 1200
mru 1200
nodefaultroute
# Packet-level logging; this may include the CHAP exchanges, so disable it
# once the problem is found.
debug
lock
# Answer ARP for the client's pool address on the LAN (the pool is inside
# 10.144.1.0/24).
proxyarp
connect-delay 5000
# Delegate PPP authentication and accounting to RADIUS; servers and secrets
# are configured via radiusclient.conf.
plugin radius.so

=== end of options.xl2tpd ===

=== begin of radiusclient.conf ===

# radiusclient configuration used by pppd's radius.so plugin.
auth_order	radius
login_tries	4
login_timeout	60
nologin /etc/nologin
issue	/etc/radiusclient/issue
# RADIUS authentication and accounting servers on the standard ports 1812/1813.
# Reachability and the shared secret are the first things to check when the
# server logs no requests — but here xl2tpd saw no session at all, so the
# failure is upstream of RADIUS (IPsec/L2TP).
authserver 	10.144.1.25:1812
acctserver 	10.144.1.25:1813
# The per-server shared secrets live in this file; keep it readable by root only.
servers		/etc/radiusclient/servers
dictionary 	/etc/radiusclient/dictionary
login_radius	/usr/sbin/login.radius
seqfile		/var/run/radius.seq
mapfile		/etc/radiusclient/port-id-map
# Left empty: presumably usernames are sent to RADIUS without a realm suffix.
default_realm
# Per-request timeout and retry count; up to roughly 30 s of waiting per server.
radius_timeout	10
radius_retries	3
login_local	/bin/login

=== end of radiusclient.conf ===


