[Openswan Users] Problem in IPSEC L2TP connectivity

heta shah heta45 at gmail.com
Mon Sep 12 02:28:23 EDT 2011


Hello Sir,

Please help me: am I doing some error or not? I am facing this one-way
communication. Is any route add at server side required or not? My
internal network is 192.168.5.0/24 and I want to apply remote network VPN
client from this network. In this setup I can communicate from client to
server but I cannot communicate from server to client, but still the VPN
connection is showing up.

I am waiting for your reply.

On Sat, Sep 10, 2011 at 1:22 PM, heta shah <heta45 at gmail.com> wrote:

> Hello Sir,
>
> I have done modification as you guided.
>
> leftprotoport=17/1701
>
>
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.5.0/24
>
> Because my VPN client is in the 192.168.1.0/24 subnet, I allow
> 192.168.1.0/24 and disallow 192.168.5.0/24.
>
> And in the chap-secrets file I have tested both, testing with the wild card "*" and
> with 192.168.5.0/24. But still it is acting as a one-way communication. My
> VPN client is Windows XP with a 192.168.1.0/24 subnet IP.
>
> Please help me.
>
> On Sat, Sep 10, 2011 at 10:06 AM, heta shah <heta45 at gmail.com> wrote:
>
>> Hello Sir,
>>
>> Thanks for the reply. I have done this setting. But it is still doing one-
>> way communication. I can connect to the server from the client, but from the server I
>> cannot connect to the client; I am not able to ping the client from the server side.
>>
>>
>> On Sat, Sep 10, 2011 at 1:57 AM, Paul Wouters <paul at xelerance.com> wrote:
>>
>>> On Fri, 9 Sep 2011, heta shah wrote:
>>>
>>>> I have configured IPSEC and L2TP in an Ubuntu system. I want to
>>>> configure a road warrior setup. In this my VPN is working fine.
>>>> The Windows system is connected with the Ubuntu VPN server and I can connect
>>>> with the VPN server from the Windows VPN client, but I cannot connect,
>>>> I mean I cannot ping, the Windows VPN client from the Ubuntu VPN server. This is
>>>> my configuration of the Ubuntu VPN server.
>>>>
>>>
>>> You might need to tweak the registry on Windows as your Linux VPN server
>>> is behind NAT (if I read your config below correctly).
>>>
>>>
>>>> conn L2TP-PSK-noNAT
>>>>         #
>>>>         # Configuration for one user with any type of IPsec/L2TP client
>>>>         # including the updated Windows 2000/XP (MS KB Q818043), but
>>>>         # excluding the non-updated Windows 2000/XP.
>>>>         #
>>>>         #
>>>>         # Use a Preshared Key. Disable Perfect Forward Secrecy.
>>>>         #
>>>>         # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
>>>>         # YourIPAddress  %any: "sharedsecret"
>>>>         authby=secret
>>>>         pfs=no
>>>>         auto=add
>>>>         keyingtries=3
>>>>         # we cannot rekey for %any, let client rekey
>>>>         rekey=no
>>>>         # Apple iOS doesn't send delete notify so we need dead peer detection
>>>>         # to detect vanishing clients
>>>>         dpddelay=10
>>>>         dpdtimeout=90
>>>>         dpdaction=clear
>>>>         # Set ikelifetime and keylife to same defaults windows has
>>>>         ikelifetime=8h
>>>>         keylife=1h
>>>>         # l2tp-over-ipsec is transport mode
>>>>         type=transport
>>>>         #
>>>>         left=192.168.1.121
>>>>         leftnexthop=192.168.1.254
>>>>         #
>>>>         # For updated Windows 2000/XP clients,
>>>>         # to support old clients as well, use leftprotoport=17/%any
>>>>         leftprotoport=17/%any
>>>>
>>>
>>> That should normally be 17/1701, unless your NAT gateway is doing
>>> something weird
>>>
>>>
>>>>         #
>>>>         # The remote user.
>>>>         #
>>>>         right=%any
>>>>         # Using the magic port of "%any" means "any one single port". This is
>>>>         # a work around required for Apple OSX clients that use a randomly
>>>>         # high port.
>>>>         rightprotoport=17/%any
>>>>
>>>
>>> You are missing rightsubnet=vhost:%priv,%no. Your "config setup" also needs
>>> to have:
>>>
>>>        nat_traversal=yes
>>>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24,%v4:!192.168.5.0/24
>>>
>>>
>>>> # Secrets for authentication using CHAP
>>>> # client        server  secret                  IP addresses
>>>> username        *               "password"        *
>>>> *               username        "password"        *
>>>>
>>>
>>> Don't you want that last column to be something like 192.168.5.0/24?
>>>
>>> Paul
>>
>> --
>> Thanks and Regards.
>>
>> Heta Shah
>
> --
> Thanks and Regards.
>
> Heta Shah
-- 
Thanks and Regards.

Heta Shah
91-9662505876
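As an added example (not from the thread and not Openswan's own code), a small Python checker that parses ipsec.conf-style text and reports the points Paul raised above: leftprotoport=17/1701, the missing rightsubnet=vhost:%priv,%no, nat_traversal=yes, and whether the server-side subnets are excluded with "!" in virtual_private. The sample config and the function names are constructed for this illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the thread's "config setup" and the conn before Paul's fixes.
SAMPLE_CONF = """
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.5.0/24
conn L2TP-PSK-noNAT
        left=192.168.1.121
        leftprotoport=17/%any
        right=%any
"""

def parse_sections(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(config|conn)\s+(\S+)$", line)
        if m:
            current = sections.setdefault(m.group(1) + " " + m.group(2), {})
        elif current is not None and "=" in line:
            key, val = line.split("=", 1)
            current[key.strip()] = val.strip()
    return sections

def excluded_networks(virtual_private):
    """IPv4 networks marked with '!' in virtual_private (ranges NATed clients may not claim)."""
    return [ipaddress.ip_network(item.strip()[5:], strict=False)
            for item in virtual_private.split(",") if item.strip().startswith("%v4:!")]

def lint(text, conn_name, server_lans):
    """Check one conn against the points raised in the thread; returns a list of findings."""
    sections = parse_sections(text)
    setup, conn = sections.get("config setup", {}), sections.get("conn " + conn_name, {})
    findings = []
    if conn.get("leftprotoport") != "17/1701":
        findings.append("leftprotoport should be 17/1701")
    if "rightsubnet" not in conn:
        findings.append("missing rightsubnet=vhost:%priv,%no")
    if setup.get("nat_traversal") != "yes":
        findings.append("nat_traversal=yes is required for NATed clients")
    excluded = excluded_networks(setup.get("virtual_private", ""))
    for lan in server_lans:  # every subnet the server itself routes must be excluded
        if ipaddress.ip_network(lan) not in excluded:
            findings.append("subnet %s is not excluded (!) in virtual_private" % lan)
    return findings
```

Run `lint(SAMPLE_CONF, "L2TP-PSK-noNAT", ["192.168.1.0/24", "192.168.5.0/24"])` to see the three findings for the posted config; once the conn carries the two settings Paul named and both subnets are excluded, the list is empty.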