[Openswan Users] openswan installation
Özgür Uncuoğlu (WEBSAHİBİ)
ozgur at websahibi.com
Fri Jun 3 02:58:15 EDT 2011
After a few days, I completed the installation.
This is my xl2tpd/openswan installation under Debian 6, and it's really working.
Debian 6 /2.6.32-5-686
Openswan 2.6.28+dfsg-5
Xl2tpd 1.2.7+dfsg-1
-------------/etc/ipsec.conf--------------------
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        # NAT-T (UDP 4500 encapsulation) for clients behind NAT
        nat_traversal=yes
        # private ranges a NATed client may claim via rightsubnet=vhost:%priv
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        protostack=netkey
include /etc/ipsec.d/l2tp-psk.conf
-----------/etc/ipsec.d/l2tp-psk.conf-------------
# clients behind NAT: the peer may claim a private address from virtual_private
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
        authby=secret
        # no PFS for phase 2 (Windows L2TP clients do not propose it)
        pfs=no
        # road warrior: clients initiate, so the conn is only loaded, never started
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        # L2TP over IPsec uses transport mode
        type=transport
        left=SERVER_REAL_IP
        leftnexthop=%defaultroute
        # UDP 1701 (L2TP) on the server side
        leftprotoport=17/1701
        # any client address, any client source port (NAT may rewrite it)
        right=%any
        rightprotoport=17/%any
------------/etc/xl2tpd/xl2tpd.conf---------------
[global]
listen-addr = SERVER_REAL_IP
port = 1701
auth file = /etc/ppp/chap-secrets
ipsec saref = no
;forceuserspace = yes
; debug tunnel = yes
[lns default]
ip range = SERVER_LOCAL_IP-POOL
local ip = SERVER_LOCAL_IP
require chap = yes
refuse pap = yes
require authentication = yes
name = vpn
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
----------/etc/ppp/options.xl2tpd----------------
ipcp-accept-local
ipcp-accept-remote
ms-dns A_DNS_RESOLVER_ADDRESS
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
name vpn
usehostname
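A small lint for the two things that went wrong earlier in this thread, as an added example that is not part of the original posts: it parses ipsec.conf leniently, reports blank lines inside a conn (the problem Paul raises further down), resolves also= and conn %default the way Openswan does, and then checks that every authby=secret conn admits right=%any with auto=add and has a PSK line in ipsec.secrets that can serve it. The sample configs inside are constructed, modelled on the failing conn quoted further down and on the working l2tp-psk.conf above, with 203.0.113.10 (a documentation address) standing in for SERVER_REAL_IP. The also=/%default resolution and the permissive treatment of %any in ipsec.secrets are my reading of Openswan's behaviour, not code from the project.

```python
"""Lint ipsec.conf + ipsec.secrets for the L2TP/IPsec road-warrior mistakes in this
thread.  Added example, not from the post; samples are constructed (SERVER_REAL_IP -> 203.0.113.10)."""
import re

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")
PARAM_RE = re.compile(r"^\s+([A-Za-z_][\w-]*)\s*=\s*(.*?)\s*$")
COMMENT_RE = re.compile(r"(^|\s)#.*$")
SECRET_RE = re.compile(r'^(.*?)\s*:\s*PSK\s+"[^"]*"$')

def parse_ipsec_conf(text):
    """Lenient parse -> ({(kind, name): {param: value}}, findings).  A blank line
    inside a section is reported rather than honoured, so every parameter is seen."""
    lines = [COMMENT_RE.sub("", raw).rstrip() for raw in text.splitlines()]
    sections, findings, current = {}, [], None
    for i, line in enumerate(lines):
        if not line.strip():
            # Fine between sections; inside one, Openswan's parser can end the
            # section here (the warning Paul gives further down the thread).
            nxt = next((l for l in lines[i + 1:] if l.strip()), "")
            if current and nxt[:1].isspace():
                findings.append(f"line {i + 1}: blank line inside {current[0]} "
                                f"{current[1]}; keep its parameters contiguous")
            continue
        if not line[0].isspace():            # section header or top-level line
            m = SECTION_RE.match(line)
            current = (m.group(1), m.group(2)) if m else None
            if current:
                sections.setdefault(current, {})
            continue
        m = PARAM_RE.match(line)
        if m and current:
            sections[current][m.group(1)] = m.group(2)
    return sections, findings

def effective_params(sections, name, depth=0):
    """Resolve also= as Openswan does: the referenced conn supplies defaults, the
    conn's own lines win, and conn %default is the implicit base of every conn."""
    own = dict(sections.get(("conn", name), {}))
    also = own.pop("also", None)
    if name == "%default" or depth > 8:      # depth guard stops also= loops
        return own
    base = effective_params(sections, also or "%default", depth + 1)
    base.update(own)
    return base

def psk_covers(secrets_text, left, right):
    """True if a PSK line in ipsec.secrets can serve left<->right; %any in an id
    list stands for either peer, a bare ': PSK "..."' line matches anyone."""
    for raw in secrets_text.splitlines():
        m = SECRET_RE.match(COMMENT_RE.sub("", raw).strip())
        if not m:
            continue
        ids = m.group(1).split()
        if not ids or (any(x in (left, "%any") for x in ids)
                       and any(x in (right, "%any") for x in ids)):
            return True
    return False

def lint_l2tp_psk(conf_text, secrets_text):
    """Findings for every authby=secret conn; an empty list means the config has the
    shape pluto needs to answer Main Mode from an unknown L2TP client with a PSK."""
    sections, findings = parse_ipsec_conf(conf_text)
    for kind, name in sections:
        if kind != "conn" or name == "%default":
            continue
        p = effective_params(sections, name)
        if p.get("authby") != "secret":
            continue
        left, right = p.get("left"), p.get("right")
        if right != "%any":
            findings.append(f"conn {name}: right={right} pins the peer, so a client at an unknown "
                            "address never matches ('no connection has been authorized with policy=PSK')")
        if p.get("auto") == "start":
            findings.append(f"conn {name}: auto=start makes the server initiate; clients initiate, use auto=add")
        if not psk_covers(secrets_text, left, right):
            findings.append(f"conn {name}: no PSK line in ipsec.secrets covers {left}")
    return findings

# Constructed samples: BROKEN_CONF mirrors the failing conn quoted further down the
# thread, WORKING_CONF the l2tp-psk.conf shown above.
BROKEN_CONF = """\
conn L2TP-PSK
    authby=secret

    auto=start
    left=203.0.113.10
    leftprotoport=17/1701
    right=192.168.1.1
"""
WORKING_CONF = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    auto=add
    left=203.0.113.10
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
"""
SECRETS = '203.0.113.10 %any: PSK "sharedkey"\n'
```

To run it against a live box, pass the contents of /etc/ipsec.conf and /etc/ipsec.secrets to lint_l2tp_psk; the parser does not follow include lines, so concatenate the included /etc/ipsec.d/*.conf files onto the main file first.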
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Özgür Uncuoğlu (WEBSAHİBİ)
Sent: Monday, May 30, 2011 1:45 PM
To: Paul Wouters
Cc: users at openswan.org
Subject: Re: [Openswan Users] openswan installation
Full error logs may help us find the error:
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received Vendor ID payload [RFC 3947] method set to=109
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [FRAGMENTATION]
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring Vendor ID payload [IKE CGA version 1]
May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: initial Main Mode message received on server_real_ip:500 but no connection has been authorized with policy=PSK
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Saturday, May 28, 2011 7:32 PM
To: Özgür Uncuoğlu (WEBSAHİBİ)
Cc: users at openswan.org
Subject: Re: [Openswan Users] openswan installation
Did you use empty lines in your config inside a conn definition? That will break things.
Paul
On Sat, 28 May 2011, Özgür Uncuoğlu (WEBSAHİBİ) wrote:
> Date: Sat, 28 May 2011 13:21:01 +0300
> From: "Özgür Uncuoğlu (WEBSAHİBİ)" <ozgur at websahibi.com>
> To: "users at openswan.org" <users at openswan.org>
> Subject: [Openswan Users] openswan installation
>
> Hi there,
>
> Newly installed openswan (2.6.23+dfsg-1ubuntu1) on Ubuntu 10.04 x64 with two interfaces.
>
> When I try to connect from my PC (Windows 7) it logs the error below:
>
> pluto[8707]: packet from client_ip:500: initial Main Mode message received on server_real_ip:500 but no
> connection has been authorized with policy=PSK
>
> ipsec.secrets
>
> server_real_ip %any: PSK "sharedkey"
>
> 192.168.1.1 %any: PSK "sharedkey"
>
> a part of ipsec.conf
>
> conn L2TP-PSK
>
> authby=secret
>
> pfs=no
>
> auto=start
>
> # auto=add
>
> keyingtries=3
>
> rekey=no
>
> ikelifetime=8h
>
> keylife=1h
>
> type=transport
>
> left=server's real ip
>
> leftnexthop=real ip gateway (router)
>
> leftprotoport=17/1701
>
> # leftprotoport=17/%any
>
> # right=%any
>
> # rightsubnet=vhost:%no,%priv
>
> right=192.168.1.1
>
> rightsubnet=192.168.1.0/24
>
> rightprotoport=17/0
>
> Googled lots of pages... lost in configurations.
>
> Lots of combinations tried, but … :(
>
> Thanks in advance
>
> Özgür UNCUOĞLU
>
> Websahibi Internet Hizmetleri
>
> Datacenter Koordinatörü
>
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users