[Openswan Users] Problem in IPSEC L2TP connectivity

heta shah heta45 at gmail.com
Fri Sep 9 07:44:54 EDT 2011


Hello Experts,

I have configured IPsec and L2TP on an Ubuntu system. I want to configure a road
warrior setup. In this my VPN is working fine. A Windows system is connected
with the Ubuntu VPN server and I can connect to the VPN server from the Windows VPN
client, but I cannot connect, meaning I cannot ping, the Windows VPN client from the
Ubuntu VPN server. This is my configuration of the Ubuntu VPN server.

vim /etc/ipsec.d/l2tp-psk.conf
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        #
        # Configuration for one user with any type of IPsec/L2TP client
        # including the updated Windows 2000/XP (MS KB Q818043), but
        # excluding the non-updated Windows 2000/XP.
        #
        #
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        #
        # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
        # YourIPAddress  %any: "sharedsecret"
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        # we cannot rekey for %any, let client rekey
        rekey=no
        # Apple iOS doesn't send delete notify so we need dead peer detection
        # to detect vanishing clients
        dpddelay=10
        dpdtimeout=90
        dpdaction=clear
        # Set ikelifetime and keylife to same defaults windows has
        ikelifetime=8h
        keylife=1h
        # l2tp-over-ipsec is transport mode
        type=transport
        #
        left=192.168.1.121
        leftnexthop=192.168.1.254
        #
        # For updated Windows 2000/XP clients,
        # to support old clients as well, use leftprotoport=17/%any
        leftprotoport=17/%any
        #
        # The remote user.
        #
        right=%any
        # Using the magic port of "%any" means "any one single port". This is
        # a work around required for Apple OSX clients that use a randomly
        # high port.
        rightprotoport=17/%any

# Normally, KLIPS drops all plaintext traffic from IP's it has a crypted
# connection with. With L2TP clients behind NAT, that's not really what
# you want. The connection below allows both l2tp/ipsec and plaintext
# connections from behind the same NAT router.
# The l2tpd conns use a leftprotoport, so they are more specific and will be used
# first. Then, packets for the host on different ports and protocols (eg ssh)
# will match this passthrough conn.
conn passthrough-for-non-l2tp
        type=passthrough
        left=192.168.1.121
        leftnexthop=192.168.1.254
        right=0.0.0.0
        rightsubnet=0.0.0.0/0
        auto=route


vim /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 192.168.1.121

[lns default]
ip range = 192.168.5.10-192.168.5.20
local ip = 192.168.5.60
;require chap = yes
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
username        *               "password"        *
*               username        "password"        *


Please check this configuration. This is my testing system for checking the IPsec
L2TP configuration. Please check it; it is giving one-way communication. If there is
any error, please tell me.


-- 
Thanks and Regards.

Heta Shah
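An added example, not from the post or from Openswan, that parses conn sections in the ipsec.conf style used above, follows also= includes, and reports which conns are the L2TP ones, so the effective settings of L2TP-PSK-NAT (which itself only sets rightsubnet and pulls the rest from L2TP-PSK-noNAT) can be checked before ipsec is restarted. It assumes that parameters set in the including conn take precedence over values pulled in via also=.

```python
# Constructed input: a trimmed copy of the three conns from the post.
SAMPLE = """
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
        authby=secret
        type=transport
        leftprotoport=17/%any
        right=%any
conn passthrough-for-non-l2tp
        type=passthrough
        rightsubnet=0.0.0.0/0
"""

def parse_conns(text):
    """Return {conn name: {param: value, 'also': [names]}}, comments stripped."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {"also": []})
            continue
        key, sep, value = (s.strip() for s in line.partition("="))
        if cur is None or not sep:
            continue  # text outside any conn, or a malformed line
        if key == "also":
            cur["also"].append(value)
        else:
            cur.setdefault(key, value)  # first definition in a conn wins
    return conns

def resolve(conns, name, chain=()):
    """Effective parameters of `name` after expanding also= recursively.
    Assumed precedence: parameters set in the including conn win."""
    if name in chain:
        raise ValueError("also= cycle through " + name)
    out = {k: v for k, v in conns[name].items() if k != "also"}
    for inc in conns[name]["also"]:
        for k, v in resolve(conns, inc, chain + (name,)).items():
            out.setdefault(k, v)
    return out

def l2tp_conns(conns):
    """Conns that carry L2TP: transport mode, UDP (proto 17) on our side."""
    return sorted(n for n in conns if (p := resolve(conns, n)).get("type") == "transport"
                  and p.get("leftprotoport", "").startswith("17/"))
```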