[Openswan Users] IPSEC with L2TP configuration in UBUNTU problem

heta shah heta45 at gmail.com
Sat Jun 25 06:25:26 EDT 2011


Hello experts,

I want to know, in the xl2tpd configuration:

should the local ip be an IP from our local network range, or can we define any one?
And the same for the range: should that be defined from our internal local IP range
or any network IP range?

Please give me guidance. I am facing some problem. My XP client cannot
connect to the VPN server.


On Sat, Jun 25, 2011 at 2:09 PM, heta shah <heta45 at gmail.com> wrote:

> Hello sir,
>
> Thank you. I have gone through the link below.
>
>
> On Fri, Jun 24, 2011 at 10:15 PM, Willie Gillespie <
> wgillespie+openswan at es2eng.com> wrote:
>
>> On 6/23/2011 11:51 PM, heta shah wrote:
>>
>>> Hello All experts,
>>>
>>> Can anyone help me regarding IPSEC / L2TP configuration in UBUNTU? A HOWTO for
>>> IPSEC/L2TP VPN server configuration in Ubuntu....
>>>
>>> Any material/document...
>>>
>>
>> I'm assuming you want something like this:
>> http://www.rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
>>
>>
> I have configured IPSEC with L2TP with a PSK shared key, but the client cannot
> connect to the VPN server. It is showing an error in xl2tpd.
> The logs of my VPN server are:
>
> tail -f /var/log/auth.log
> Jun 25 13:58:40 cloud-enjay pluto[3914]: packet from 115.248.122.242:4500:
> received and ignored informational message
> Jun 25 13:58:43 cloud-enjay pluto[3914]: packet from 115.248.122.242:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Jun 25 13:58:43 cloud-enjay pluto[3914]: packet from 115.248.122.242:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> Jun 25 13:58:43 cloud-enjay pluto[3914]: packet from 115.248.122.242:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
> to=106
> Jun 25 13:58:43 cloud-enjay pluto[3914]: packet from 115.248.122.242:500:
> ignoring Vendor ID payload [Vid-Initial-Contact]
> Jun 25 13:58:43 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: responding to Main Mode from unknown peer 115.248.122.242
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: STATE_MAIN_R1: sent MR1, expecting MI2
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
> NATed
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: STATE_MAIN_R2: sent MR2, expecting MI3
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: Main mode peer ID is ID_FQDN: '@2k3test.enjay.com'
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[27] 115.248.122.242
> #27: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: deleting connection "L2TP-PSK-NAT" instance with peer 115.248.122.242
> {isakmp=#0/ipsec=#0}
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: new NAT mapping for #27, was 115.248.122.242:500, now
> 115.248.122.242:4500
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
> group=modp2048}
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: peer client type is FQDN
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: Applying workaround for MS-818043 NAT-T bug
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: IDci was FQDN: t\307\251-, using NAT_OA=192.168.1.35/32 as IDci
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: the peer proposed: 116.199.169.45/32:17/1701 -> 192.168.1.35/32:17/0
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28: responding to Quick Mode proposal {msgid:d5ee3142}
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28:     us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28:   them: 115.248.122.242[@2k3test.enjay.com,+S=C]:17/1701===?
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #28: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x6f99f081
> <0x1e9a9771 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35 NATD=
> 115.248.122.242:4500 DPD=none}
> Jun 25 13:58:49 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: received Delete SA(0x6f99f081) payload: deleting IPSEC State #28
> Jun 25 13:58:49 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: received and ignored informational message
> Jun 25 13:58:49 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242
> #27: received Delete SA payload: deleting ISAKMP State #27
> Jun 25 13:58:49 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28]
> 115.248.122.242: deleting connection "L2TP-PSK-NAT" instance with peer
> 115.248.122.242 {isakmp=#0/ipsec=#0}
> Jun 25 13:58:49 cloud-enjay pluto[3914]: packet from 115.248.122.242:4500:
> received and ignored informational message
>
>
>
> root@cloud-enjay:~# tail -f /var/log/debug
> Jun 25 13:55:25 cloud-enjay xl2tpd[7585]: Unable to deliver closing message
> for tunnel 3261. Destroying anyway.
> Jun 25 13:55:33 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 17 twice, ignoring second one.
> Jun 25 13:55:38 cloud-enjay xl2tpd[7585]: Unable to deliver closing message
> for tunnel 15425. Destroying anyway.
> Jun 25 13:55:43 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 17 twice, ignoring second one.
> Jun 25 13:58:07 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 18 twice, ignoring second one.
> Jun 25 13:58:20 cloud-enjay last message repeated 3 times
> Jun 25 13:58:25 cloud-enjay xl2tpd[7585]: Unable to deliver closing message
> for tunnel 25945. Destroying anyway.
> Jun 25 13:58:30 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 18 twice, ignoring second one.
> Jun 25 13:58:46 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 19 twice, ignoring second one.
> Jun 25 13:58:47 cloud-enjay xl2tpd[7585]: control_finish: Peer requested
> tunnel 19 twice, ignoring second one.
>
>
> Please help me regarding this error.
>
> --
> Thanks and Regards.
>
> Heta Shah
>
>
>
>


-- 
Thanks and Regards.

Heta Shah
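
Added example, not part of the original message: a small Python triage script that correlates the pluto and xl2tpd log lines quoted above. For each IPsec SA the peer deleted, it reports how long the SA lived and how many duplicate L2TP tunnel requests xl2tpd logged during that window. The sample lines are unwrapped from the logs in the message; the function name `triage` and the `year` default are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: four lines unwrapped from the auth.log / debug output quoted in the message.
SAMPLE = """\
Jun 25 13:58:44 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242 #28: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x6f99f081 <0x1e9a9771 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35 NATD=115.248.122.242:4500 DPD=none}
Jun 25 13:58:46 cloud-enjay xl2tpd[7585]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
Jun 25 13:58:47 cloud-enjay xl2tpd[7585]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
Jun 25 13:58:49 cloud-enjay pluto[3914]: "L2TP-PSK-NAT"[28] 115.248.122.242 #27: received Delete SA(0x6f99f081) payload: deleting IPSEC State #28
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (pluto|xl2tpd)\[\d+\]: (.*)$")
SA_UP = re.compile(r"IPsec SA established .*ESP=>(0x[0-9a-f]+).*xfrm=(\S+)")
SA_DEL = re.compile(r"received Delete SA\((0x[0-9a-f]+)\)")
DUP = re.compile(r"Peer requested tunnel (\d+) twice")

def triage(text, year=2011):
    """Return one finding per IPsec SA that was established and then deleted by the peer."""
    up = {}        # outbound SPI -> (time established, negotiated transform)
    dups = []      # (time, tunnel id) for each duplicate tunnel request seen by xl2tpd
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        daemon, msg = m.group(2), m.group(3)
        if daemon == "xl2tpd":
            d = DUP.search(msg)
            if d:
                dups.append((ts, int(d.group(1))))
            continue
        e = SA_UP.search(msg)
        if e:
            up[e.group(1)] = (ts, e.group(2))
            continue
        x = SA_DEL.search(msg)
        if x and x.group(1) in up:
            t0, xfrm = up.pop(x.group(1))
            seen = [tid for when, tid in dups if t0 <= when <= ts]
            findings.append({"spi": x.group(1), "xfrm": xfrm,
                             "lifetime_s": int((ts - t0).total_seconds()),
                             "dup_tunnel_requests": len(seen),
                             "tunnels": sorted(set(seen))})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

An SA that lives only a few seconds while xl2tpd logs duplicate tunnel requests points to a session where the IKE and ESP negotiation completed and the failure is at the L2TP layer. The `xfrm` field also surfaces the negotiated transform, here 3DES with HMAC-MD5.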