[Openswan Users] Problem in IPSEC L2TP connectivity
heta45 at gmail.com
Wed Sep 14 01:31:01 EDT 2011
I have OPENSWAN SERVER and client both in one network 192.168.1.0/24 and in
server two LANs are dere one fro internal and other for external
On the server side - internal network is 192.168.5.0/24
external Lan card ip is 1192.168.1.121 gw
VPN client ip range is
local VPN ppp interface ip is 192.168.5.10
On the client side is same network of server external Lan card
ip of Lan card is 192.168.1.22 gw 192.168.1.254
I have given MASQUERADING rule on the server side. my ipsec verify output at
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.35/K188.8.131.52-enjay (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Is any other rule for NAT at the server side is required to connect ???
On Tue, Sep 13, 2011 at 7:17 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 13 Sep 2011, heta shah wrote:
> Thanks for reply,
>> But when I am adding leftsourceip=192.168.5.X where X is my ip of other
>> interface in server. At that time client can not establish VPN connection
>> with server. At server side
>> this error is coming on /var/log/auth.log file
> And I cannot add leftsubnet tag . When I am adding leftsubnet client
>> cannot able to establish connection .
>> Is any IPSEC version problem or some configuration problem.
>> ipsec --version
>> Linux Openswan U2.6.35/K184.108.40.206-enjay (netkey)
>> xl2tpd --version
>> xl2tpd version: xl2tpd-1.2.8
> I did not realise you were using L2TP, sorry. You do not use a
> leftsourceip= for l2tp.
> One way communication within l2tp is usually caused by
> 1) the L2TP server hands out a range that is not NATed and goes out to the
> internet, but
> replies cannot be received
> 2) the L2TP server is not the default gateway, and is not NATing, so
> replies never get back
> to it.
> 3) router or firewall is blocking the l2tp assigned range of addresses
> Also check with "ipsec verify" if you see any issues.
>> On Mon, Sep 12, 2011 at 9:24 PM, Paul Wouters <paul at xelerance.com> wrote:
>> On Mon, 12 Sep 2011, heta shah wrote:
>> Please help me I am doing some error or not . I am facing this
>> one way communication. Is any route add at server side is required
>> or not ?? My internal network is 192.168.5.0/24 and I want to
>> apply remote network VPN client from this network . In this setup I
>> can communicate from client to server but I cannot communicate
>> from server to client But still VPN connection is showing up.
>> You should never attempt or need to add routes manually.
>> You might want to add on the server a leftsourceip=192.168.5.X (X is
>> whatever IP your server has in that range)
>> Thanks and Regards.
Thanks and Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users