[Openswan Users] Problem in IPSEC L2TP connectivity
heta45 at gmail.com
Sat Sep 10 03:52:26 EDT 2011
I have done the modification as you guided.
Because my VPN client is in the 192.168.1.0/24 subnet, I allow
192.168.1.0/24 and disallow 192.168.5.0/24.
And in the chap-secrets file I have tested both with the wildcard "*" and
with 192.168.5.0/24. But it is still acting as one-way communication. My VPN
client is Windows XP with a 192.168.1.0/24 subnet IP.
Please help me.
On Sat, Sep 10, 2011 at 10:06 AM, heta shah <heta45 at gmail.com> wrote:
> Hello Sir,
> Thanks for the reply. I have done this setting. But it is still doing one-way
> communication. I can connect to the server from the client, but from the
> server side I am not able to ping the client.
> On Sat, Sep 10, 2011 at 1:57 AM, Paul Wouters <paul at xelerance.com> wrote:
>> On Fri, 9 Sep 2011, heta shah wrote:
>>> I have configured IPSEC and L2TP in an Ubuntu system. I want to
>>> configure a road warrior setup. In this my VPN is working fine.
>>> Windows system is connected with ubuntu VPN server and I can connect with
>>> vpn server from windows VPN client but I cannot connect
>>> mean cannot ping to windows VPN client from ubuntu VPN server. This is my
>>> configuration of ubuntu VPN server.
>> You might need to tweak the registry on Windows as your Linux VPN server
>> is behind NAT (if I read your config below correctly).
>>> conn L2TP-PSK-noNAT
>>> # Configuration for one user with any type of IPsec/L2TP client
>>> # including the updated Windows 2000/XP (MS KB Q818043), but
>>> # excluding the non-updated Windows 2000/XP.
>>> # Use a Preshared Key. Disable Perfect Forward Secrecy.
>>> # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
>>> # YourIPAddress %any: "sharedsecret"
>>> # we cannot rekey for %any, let client rekey
>>> # Apple iOS doesn't send delete notify so we need dead peer
>>> # to detect vanishing clients
>>> # Set ikelifetime and keylife to same defaults windows has
>>> # l2tp-over-ipsec is transport mode
>>> # For updated Windows 2000/XP clients,
>>> # to support old clients as well, use leftprotoport=17/%any
>> That should normally be 17/1701, unless your NAT gateway is doing
>> something weird
>>> # The remote user.
>>> # Using the magic port of "%any" means "any one single port". This is
>>> # a work around required for Apple OSX clients that use a
>>> # high port.
>> You are missing rightsubnet=vhost:%priv,%no. Your "config setup" also needs
>> to have:
>>> # Secrets for authentication using CHAP
>>> # client server secret IP addresses
>>> username * "password" *
>>> * username "password" *
>> Don't you want that last column to be something like 192.168.5.0/24 ?
> Thanks and Regards.
> Heta Shah
Thanks and Regards.
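Added example, not from any post in this thread: a small checker that reads an ipsec.conf conn block and a pppd chap-secrets file and flags the three points Paul raises (leftprotoport not 17/1701, missing rightsubnet=vhost:%priv,%no, and a "*" IP column in chap-secrets). The sample config texts are constructed here and only resemble the ones quoted above.

```python
# Added example (not from the thread): lint an Openswan conn block and a pppd
# chap-secrets file for the points raised above. Sample texts are constructed.
import re

SAMPLE_IPSEC_CONF = """\
conn L2TP-PSK-noNAT
    type=transport
    left=192.168.5.1
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
"""

SAMPLE_CHAP_SECRETS = """\
# client server secret IP addresses
username * "password" *
* username "password" *
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, val = line.strip().split("=", 1)
            current[key.strip()] = val.strip()
    return conns

def lint_conn(opts):
    """Flag settings that deviate from the advice for an L2TP road-warrior conn."""
    findings = []
    if opts.get("leftprotoport") != "17/1701":
        findings.append("leftprotoport should normally be 17/1701")
    if opts.get("rightsubnet") != "vhost:%priv,%no":
        findings.append("missing rightsubnet=vhost:%priv,%no")
    if opts.get("type") != "transport":
        findings.append("l2tp-over-ipsec is transport mode")
    return findings

def lint_chap_secrets(text):
    """Flag chap-secrets entries whose IP column is '*' instead of a client subnet."""
    findings = []
    for line in text.splitlines():
        fields = line.split()   # columns: client server secret IP-addresses
        if len(fields) >= 4 and not fields[0].startswith("#") and fields[3] == "*":
            findings.append(f"{line!r}: IP column is '*'; expected e.g. 192.168.5.0/24")
    return findings
```

Run `lint_conn(parse_conns(SAMPLE_IPSEC_CONF)["L2TP-PSK-noNAT"])` and `lint_chap_secrets(SAMPLE_CHAP_SECRETS)` to see the findings for the sample texts.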