[Openswan Users] Users Digest, Vol 91, Issue 3

heta shah heta45 at gmail.com
Tue Jun 7 06:26:01 EDT 2011


Hello Sir,


This is /var/log/debug messages.

Jun  7 15:42:39 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 1 twice, ignoring second one.
Jun  7 15:42:51 cloud-enjay last message repeated 3 times
Jun  7 15:42:57 cloud-enjay xl2tpd[21564]: Unable to deliver closing message
for tunnel 41984. Destroying anyway.
Jun  7 15:43:01 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 1 twice, ignoring second one.
Jun  7 15:44:14 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 2 twice, ignoring second one.
Jun  7 15:44:27 cloud-enjay last message repeated 3 times
Jun  7 15:44:32 cloud-enjay xl2tpd[21564]: Unable to deliver closing message
for tunnel 44982. Destroying anyway.
Jun  7 15:44:37 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 2 twice, ignoring second one.
Jun  7 15:45:50 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 3 twice, ignoring second one.
Jun  7 15:45:55 cloud-enjay last message repeated 2 times
Jun  7 15:46:00 cloud-enjay xl2tpd[21564]: Unable to deliver closing message
for tunnel 33914. Destroying anyway.
Jun  7 15:46:03 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 3 twice, ignoring second one.
Jun  7 15:47:25 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 4 twice, ignoring second one.
Jun  7 15:47:26 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 4 twice, ignoring second one.
Jun  7 15:47:30 cloud-enjay xl2tpd[21564]: Unable to deliver closing message
for tunnel 32276. Destroying anyway.
Jun  7 15:47:30 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 4 twice, ignoring second one.
Jun  7 15:47:35 cloud-enjay xl2tpd[21564]: Unable to deliver closing message
for tunnel 45173. Destroying anyway.
Jun  7 15:47:38 cloud-enjay xl2tpd[21564]: control_finish: Peer requested
tunnel 4 twice, ignoring second one.


Please help me VPN server is not able to connect.

Is any error is coming ..



On Fri, Jun 3, 2011 at 4:09 PM, <users-request at openswan.org> wrote:

> Send Users mailing list submissions to
>        users at openswan.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://lists.openswan.org/mailman/listinfo/users
> or, via email, send a message with subject or body 'help' to
>        users-request at openswan.org
>
> You can reach the person managing the list at
>        users-owner at openswan.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Users digest..."
>
>
> Today's Topics:
>
>   1. Re: Error in OPENSWAN with XL2TP (Willie Gillespie)
>   2. Re: openswan installation (?zg?r Uncuo?lu (WEBSAH?B?))
>   3. Re: openswan installation (?zg?r Uncuo?lu (WEBSAH?B?))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 02 Jun 2011 11:48:07 -0600
> From: Willie Gillespie <wgillespie+openswan at es2eng.com>
> Subject: Re: [Openswan Users] Error in OPENSWAN with XL2TP
> To: users at openswan.org
> Message-ID: <4DE7CCD7.8070107 at es2eng.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> I don't see any real errors here.  The message you are seeing when
> starting xl2tpd is more of an informational/warning.  It doesn't require
> kernel L2TP to work.  My guess is that the client is connecting, but
> then closing things down.
>
> The IPsec part is working.  Maybe turn on debugging in
> /etc/xl2tpd/xl2tpd.conf with ppp debug = yes
> Then look at /var/log/debug and see if anything sticks out to you.
>
> Willie
>
> On 6/2/2011 2:10 AM, heta shah wrote:
> > Hello Sir,
> >
> > Please help me regarding IPSEC with L2TP. I have configure OPENSWAN with
> > L2TP . when I am tring to connect to server from NATed site it showing
> > this error on server side.
> > My server is Ubuntu 9.10 server edition with kernel  2.6.28-11-server
> >
> >
> >
> >
> > Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #14: peer client type is FQDN
> > Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #14: Applying workaround for MS-818043 NAT-T bug
> > Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #14: IDci was FQDN: t\307\251-, using
> > NAT_OA=192.168.1.35/32 <http://192.168.1.35/32> as IDci
> > Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #14: the peer proposed: 116.199.169.45/32:17/1701
> > <http://116.199.169.45/32:17/1701> -> 192.168.1.35/32:17/0
> > <http://192.168.1.35/32:17/0>
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15: responding to Quick Mode proposal {msgid:314343e9}
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15:     us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15:   them: 117.196.10.91[@2k3test.enjay.com
> > <http://2k3test.enjay.com>,+S=C]:17/1701===?
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15: transition from state STATE_QUICK_R0 to state
> > STATE_QUICK_R1
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
> > expecting QI2
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15: transition from state STATE_QUICK_R1 to state
> > STATE_QUICK_R2
> > Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12]
> > 117.196.10.91 #15: STATE_QUICK_R2: IPsec SA established transport mode
> > {ESP=>0x8b28bcad <0xa93368e1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35
> > NATD=117.196.10.91:4500 <http://117.196.10.91:4500> DPD=none}
> > Jun  2 13:34:36 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> > 117.196.10.91 #18: received Delete SA(0x8b9e0884) payload: deleting
> > IPSEC State #19
> > Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> > 117.196.10.91 #18: received and ignored informational message
> > Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> > 117.196.10.91 #18: received Delete SA payload: deleting ISAKMP State #18
> > Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16]
> > 117.196.10.91 <http://117.196.10.91>: deleting connection "L2TP-PSK-NAT"
> > instance with peer 117.196.10.91 {isakmp=#0/ipsec=#0}
> > Jun  2 13:34:37 cloud-enjay pluto[2638]: packet from 117.196.10.91:4500
> > <http://117.196.10.91:4500>: received and ignored informational message
> >
> >
> > when I am starting the XL2TP service it gives this error.
> >
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: setsockopt recvref[22]:
> > Protocol not available
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: This binary does not support
> > kernel L2TP.
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: xl2tpd version xl2tpd-1.2.4
> > started on cloud-enjay PID:24456
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Written by Mark Spencer,
> > Copyright (C) 1998, Adtran, Inc.
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked by Scott Balmos and
> > David Stipp, (C) 2001
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Inherited by Jeff McAdams,
> > (C) 2002
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked again by Xelerance
> > (www.xelerance.com <http://www.xelerance.com>) (C) 2006
> > Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Listening on IP address
> > 0.0.0.0, port 1701
> >
> > Please help me If anyone knows about it.
> > --
> > Thanks and Regards.
> >
> > Heta Shah
> > 91-9662505876
> >
> >
> >
> >
> >
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 3 Jun 2011 09:58:15 +0300
> From: ?zg?r Uncuo?lu (WEBSAH?B?)        <ozgur at websahibi.com>
> Subject: Re: [Openswan Users] openswan installation
> To: ?zg?r Uncuo?lu (WEBSAH?B?)  <ozgur at websahibi.com>, Paul Wouters
>        <paul at xelerance.com>
> Cc: "users at openswan.org" <users at openswan.org>
> Message-ID:
>        <
> 49D3A14667636144913116095AD8A6966F6FD727D7 at WEBSAHIBISRV.websahibi.com>
>
> Content-Type: text/plain; charset="utf-8"
>
> After afew days,I completed the installation.
>
> This is my xl2tpd/openswan installation under debian 6 and it's really
> working.
>
> Debian 6 /2.6.32-5-686
> Openswan 2.6.28+dfsg-5
> Xl2tpd 1.2.7+dfsg-1
>
>
> -------------/etc/ipsec.conf--------------------
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>
>        nat_traversal=yes
>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>        oe=off
>        protostack=netkey
>
>
> include /etc/ipsec.d/l2tp-psk.conf
>
>
>
> -----------/etc/ipsec.d/l2tp-psk.conf-------------
>
> conn L2TP-PSK-NAT
>        rightsubnet=vhost:%priv
>        also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>        authby=secret
>        pfs=no
>        auto=add
>        keyingtries=3
>        rekey=no
>        ikelifetime=8h
>        keylife=1h
>        type=transport
>        left=SERVER_REAL_IP
>        leftnexthop=%defaultroute
>        leftprotoport=17/1701
>        right=%any
>        rightprotoport=17/%any
>
>
> ------------/etc/xl2tpd/xl2tpd.conf---------------
> [global]
> listen-addr = SERVER_REAL_IP
> port = 1701
> auth file = /etc/ppp/chap-secrets
> ipsec saref = no
> ;forceuserspace = yes
> ; debug tunnel = yes
>
> [lns default]
> ip range = SERVER_LOCAL_IP-POOL
> local ip = SERVER_LOCAL_IP
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = vpn
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
>
> ----------/etc/ppp/options.xl2tpd----------------
>
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns A_DNS_RESOLVER_ADDRESS
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> name vpn
> usehostname
>
>
>
>
>
>
>
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of ?zg?r Uncuo?lu (WEBSAH?B?)
> Sent: Monday, May 30, 2011 1:45 PM
> To: Paul Wouters
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] openswan installation
>
> full error logs may help us to find the error;
>
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received
> Vendor ID payload [RFC 3947] method set to=109
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already
> using method 109
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [MS-Negotiation Discovery Capable]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [IKE CGA version 1]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: initial Main
> Mode message received on server_real_ip:500 but no connection has been
> authorized with policy=PSK
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Saturday, May 28, 2011 7:32 PM
> To: ?zg?r Uncuo?lu (WEBSAH?B?)
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] openswan installation
>
>
> Did you use empty lines in your config inside a conn definition? That will
> break things
>
> Paul
>
> On Sat, 28 May 2011, ?zg?r Uncuo?lu (WEBSAH?B?) wrote:
>
> > Date: Sat, 28 May 2011 13:21:01 +0300
> > From: "?zg?r Uncuo?lu (WEBSAH?B?)" <ozgur at websahibi.com>
> > To: "users at openswan.org" <users at openswan.org>
> > Subject: [Openswan Users] openswan installation
> >
> >
> > Hi there,
> >
> > ?
> >
> > Newly installed openswan (2.6.23+dfsg-1ubuntu1 )on ubuntu 10.04 x64 with
> two interfaces.
> >
> > ?
> >
> > When I try to connect from my pc (Windows 7) it logs error below
> >
> > ?
> >
> > pluto[8707]: packet from client_ip:500: initial Main Mode message
> received on server_real_ip:500 but no
> > connection has been authorized with policy=PSK
> >
> > ?
> >
> > ipsec.secrets
> >
> > ?
> >
> > server_real_ip %any: PSK "sharedkey"
> >
> > 192.168.1.1 %any: PSK "sharedkey"
> >
> > ?
> >
> > a part of ipsec.conf
> >
> > ?
> >
> > conn L2TP-PSK
> >
> > ??????? authby=secret
> >
> > ??????? pfs=no
> >
> > ??????? auto=start
> >
> > #?????? auto=add
> >
> > ??????? keyingtries=3
> >
> > ??????? rekey=no
> >
> > ??????? ikelifetime=8h
> >
> > ??????? keylife=1h
> >
> > ??????? type=transport
> >
> > ??????? left=server?s real ip
> >
> > ??????? leftnexthop=real ip gateway (router)
> >
> > ??????? leftprotoport=17/1701
> >
> > #?????? leftprotoport=17/%any
> >
> > ?
> >
> > #?????? right=%any
> >
> > #?????? rightsubnet=vhost:%no,%priv
> >
> > ?
> >
> > ??????? right=192.168.1.1
> >
> > ??????? rightsubnet=192.168.1.0/24
> >
> > ??????? rightprotoport=17/0
> >
> > ?
> >
> > ?
> >
> > googled lots of ?page..lost in configurations
> >
> > lot of combinations tried but ?L
> >
> > ?
> >
> > thnx in advance
> >
> > ?
> >
> > ?
> >
> > ?
> >
> > ?zg?r UNCUO?LU
> >
> > Websahibi Internet Hizmetleri
> >
> > Datacenter Koordinat?r?
> >
> > cid:image001.png at 01CA2FB6.7CDAD530
> >
> > ?
> >
> >
> >
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
> ------------------------------
>
> Message: 3
> Date: Fri, 3 Jun 2011 13:38:54 +0300
> From: ?zg?r Uncuo?lu (WEBSAH?B?)        <ozgur at websahibi.com>
> Subject: Re: [Openswan Users] openswan installation
> To: ?zg?r Uncuo?lu (WEBSAH?B?)  <ozgur at websahibi.com>, Paul Wouters
>        <paul at xelerance.com>
> Cc: "users at openswan.org" <users at openswan.org>
> Message-ID:
>        <
> 49D3A14667636144913116095AD8A6966F6FD727E6 at WEBSAHIBISRV.websahibi.com>
>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Now ,client succesfully connected to vpn but client's gateway is configured
> to 0.0.0.0
>
> One last question.If I use this vpn server as a gateway/transparent
> Proxy,how to change l2tp config?
>
>
>
> -----Original Message-----
> From: ?zg?r Uncuo?lu (WEBSAH?B?)
> Sent: Friday, June 03, 2011 9:58 AM
> To: ?zg?r Uncuo?lu (WEBSAH?B?); Paul Wouters
> Cc: users at openswan.org
> Subject: RE: [Openswan Users] openswan installation
>
> After afew days,I completed the installation.
>
> This is my xl2tpd/openswan installation under debian 6 and it's really
> working.
>
> Debian 6 /2.6.32-5-686
> Openswan 2.6.28+dfsg-5
> Xl2tpd 1.2.7+dfsg-1
>
>
> -------------/etc/ipsec.conf--------------------
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>
>        nat_traversal=yes
>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>        oe=off
>        protostack=netkey
>
>
> include /etc/ipsec.d/l2tp-psk.conf
>
>
>
> -----------/etc/ipsec.d/l2tp-psk.conf-------------
>
> conn L2TP-PSK-NAT
>        rightsubnet=vhost:%priv
>        also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>        authby=secret
>        pfs=no
>        auto=add
>        keyingtries=3
>        rekey=no
>        ikelifetime=8h
>        keylife=1h
>        type=transport
>        left=SERVER_REAL_IP
>        leftnexthop=%defaultroute
>        leftprotoport=17/1701
>        right=%any
>        rightprotoport=17/%any
>
>
> ------------/etc/xl2tpd/xl2tpd.conf---------------
> [global]
> listen-addr = SERVER_REAL_IP
> port = 1701
> auth file = /etc/ppp/chap-secrets
> ipsec saref = no
> ;forceuserspace = yes
> ; debug tunnel = yes
>
> [lns default]
> ip range = SERVER_LOCAL_IP-POOL
> local ip = SERVER_LOCAL_IP
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = vpn
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
>
> ----------/etc/ppp/options.xl2tpd----------------
>
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns A_DNS_RESOLVER_ADDRESS
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
> name vpn
> usehostname
>
>
>
>
>
>
>
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of ?zg?r Uncuo?lu (WEBSAH?B?)
> Sent: Monday, May 30, 2011 1:45 PM
> To: Paul Wouters
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] openswan installation
>
> full error logs may help us to find the error;
>
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received
> Vendor ID payload [RFC 3947] method set to=109
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already
> using method 109
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [MS-Negotiation Discovery Capable]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: ignoring
> Vendor ID payload [IKE CGA version 1]
> May 30 13:39:45 vpn pluto[14154]: packet from client_ip:500: initial Main
> Mode message received on server_real_ip:500 but no connection has been
> authorized with policy=PSK
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Saturday, May 28, 2011 7:32 PM
> To: ?zg?r Uncuo?lu (WEBSAH?B?)
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] openswan installation
>
>
> Did you use empty lines in your config inside a conn definition? That will
> break things
>
> Paul
>
> On Sat, 28 May 2011, ?zg?r Uncuo?lu (WEBSAH?B?) wrote:
>
> > Date: Sat, 28 May 2011 13:21:01 +0300
> > From: "?zg?r Uncuo?lu (WEBSAH?B?)" <ozgur at websahibi.com>
> > To: "users at openswan.org" <users at openswan.org>
> > Subject: [Openswan Users] openswan installation
> >
> >
> > Hi there,
> >
> > ?
> >
> > Newly installed openswan (2.6.23+dfsg-1ubuntu1 )on ubuntu 10.04 x64 with
> two interfaces.
> >
> > ?
> >
> > When I try to connect from my pc (Windows 7) it logs error below
> >
> > ?
> >
> > pluto[8707]: packet from client_ip:500: initial Main Mode message
> received on server_real_ip:500 but no
> > connection has been authorized with policy=PSK
> >
> > ?
> >
> > ipsec.secrets
> >
> > ?
> >
> > server_real_ip %any: PSK "sharedkey"
> >
> > 192.168.1.1 %any: PSK "sharedkey"
> >
> > ?
> >
> > a part of ipsec.conf
> >
> > ?
> >
> > conn L2TP-PSK
> >
> > ??????? authby=secret
> >
> > ??????? pfs=no
> >
> > ??????? auto=start
> >
> > #?????? auto=add
> >
> > ??????? keyingtries=3
> >
> > ??????? rekey=no
> >
> > ??????? ikelifetime=8h
> >
> > ??????? keylife=1h
> >
> > ??????? type=transport
> >
> > ??????? left=server?s real ip
> >
> > ??????? leftnexthop=real ip gateway (router)
> >
> > ??????? leftprotoport=17/1701
> >
> > #?????? leftprotoport=17/%any
> >
> > ?
> >
> > #?????? right=%any
> >
> > #?????? rightsubnet=vhost:%no,%priv
> >
> > ?
> >
> > ??????? right=192.168.1.1
> >
> > ??????? rightsubnet=192.168.1.0/24
> >
> > ??????? rightprotoport=17/0
> >
> > ?
> >
> > ?
> >
> > googled lots of ?page..lost in configurations
> >
> > lot of combinations tried but ?L
> >
> > ?
> >
> > thnx in advance
> >
> > ?
> >
> > ?
> >
> > ?
> >
> > ?zg?r UNCUO?LU
> >
> > Websahibi Internet Hizmetleri
> >
> > Datacenter Koordinat?r?
> >
> > cid:image001.png at 01CA2FB6.7CDAD530
> >
> > ?
> >
> >
> >
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
> ------------------------------
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
>
> End of Users Digest, Vol 91, Issue 3
> ************************************
>



-- 
Thanks and Regards.

Heta Shah
91-9662505876
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110607/b604ba6e/attachment-0001.html 


More information about the Users mailing list