[Openswan Users] Problem in IPSEC L2TP connectivity
heta shah
heta45 at gmail.com
Wed Sep 14 07:30:21 EDT 2011
Hello Sir,
I do not understand why, when I add leftsubnet and leftsourceip to the
/etc/ipsec.d/l2tp-psk.conf file (edited with vim), the client cannot
establish the VPN connection. Without these two parameters, when I try to
connect, the VPN connection is established successfully, but on the server
side there is no route defined for the network, so from the server I
cannot ping the client; on the client a route to the network is defined
automatically, so I can ping the server from the client.
My server-side routes are as follows.
route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.60    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
In my network all ports are allowed; the firewall is not blocking anything in
my network.
On Wed, Sep 14, 2011 at 11:01 AM, heta shah <heta45 at gmail.com> wrote:
> Hello sir,
>
> I have an OPENSWAN SERVER and a client, both in one network 192.168.1.0/24, and
> in the server there are two LANs, one for internal and the other for external.
> On the server side - the internal network is 192.168.5.0/24
> the external LAN card IP is 1192.168.1.121, gw
> 192.168.1.254
> The VPN client IP range is
> 192.168.5.60-192.168.5.70
> The local VPN ppp interface IP is 192.168.5.10
> The client side is in the same network as the server's external LAN card;
> the IP of its LAN card is 192.168.1.22, gw 192.168.1.254
>
>
> I have added a MASQUERADING rule on the server side. My ipsec verify output
> at the server side:
>
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
>
> Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing XFRM related proc values [OK]
> [OK]
> [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [WARNING]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
>
>
> Is any other NAT rule required at the server side to connect???
>
>
> On Tue, Sep 13, 2011 at 7:17 PM, Paul Wouters <paul at xelerance.com> wrote:
>
>> On Tue, 13 Sep 2011, heta shah wrote:
>>
>>> Thanks for the reply,
>>> But when I am adding leftsourceip=192.168.5.X, where X is my IP of the other
>>> interface in the server, at that time the client cannot establish a VPN
>>> connection with the server. At the server side
>>> this error is coming in the /var/log/auth.log file
>>>
>>
>>> And I cannot add the leftsubnet tag. When I am adding leftsubnet the client
>>> is not able to establish a connection.
>>> Is it an IPSEC version problem or some configuration problem?
>>>
>>> ipsec --version
>>> Linux Openswan U2.6.35/K2.6.28.4-enjay (netkey)
>>>
>>> xl2tpd --version
>>>
>>> xl2tpd version: xl2tpd-1.2.8
>>>
>>
>> I did not realise you were using L2TP, sorry. You do not use a
>> leftsourceip= for l2tp.
>>
>> One way communication within l2tp is usually caused by
>>
>> 1) the L2TP server hands out a range that is not NATed and goes out to the
>> internet, but replies cannot be received
>> 2) the L2TP server is not the default gateway, and is not NATing, so
>> replies never get back to it.
>> 3) router or firewall is blocking the l2tp assigned range of addresses
>>
>> Also check with "ipsec verify" if you see any issues.
>>
>> Paul
>>
>>> On Mon, Sep 12, 2011 at 9:24 PM, Paul Wouters <paul at xelerance.com>
>>> wrote:
>>> On Mon, 12 Sep 2011, heta shah wrote:
>>>
>>> Please help me: am I making some error or not? I am facing this
>>> one-way communication. Is any route add at the server side required
>>> or not?? My internal network is 192.168.5.0/24 and I want to
>>> apply the remote-network VPN client from this network. In this setup I
>>> can communicate from client to server but I cannot communicate
>>> from server to client, but still the VPN connection is showing up.
>>>
>>>
>>> You should never attempt or need to add routes manually.
>>>
>>> You might want to add on the server a leftsourceip=192.168.5.X (X is
>>> whatever IP your server has in that range)
>>>
>>> Paul
>>>
>>>
>>>
>>>
>>> --
>>> Thanks and Regards.
>>>
>>> Heta
>>>
>
>
> --
> Thanks and Regards.
>
> Heta Shah
>
--
Thanks and Regards.
Heta Shah
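The three causes Paul lists (pool addresses leaking out un-NATed, the VPN server not being the gateway that replies return through, and filtering of the assigned range) can all be read off the server's own routing table. The script below is an added example, not code from the thread or from Openswan: it parses the `route -n` output posted above (embedded here as a constructed string, with the wrapped header joined), does a longest-prefix lookup for every address in the client pool 192.168.5.60-192.168.5.70 from the thread, and reports, per address, whether traffic to it currently goes down a ppp tunnel, whether it falls inside a directly attached LAN subnet (so other LAN hosts will ARP for it instead of sending replies to the VPN server unless the server answers ARP for it or NATs the pool), or whether it is only reachable via the default gateway (so that gateway must route it back or the pool must be masqueraded). The pool range and the finding codes are the example's own assumptions.

```python
"""Walk a 'route -n' table to see where replies to an L2TP/PPP client pool go.
Added example; the route table is constructed from the mailing-list post."""
import ipaddress

# Constructed from the 'route -n' output in the post (header line joined).
ROUTE_N_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.60    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
"""


def parse_route_n(text):
    """Parse 'route -n' lines into dicts with network, gateway, flags, iface."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] == "Destination":
            continue  # skip header and the 'Kernel IP routing table' banner
        dest, gateway, mask, flags, iface = parts[0], parts[1], parts[2], parts[3], parts[7]
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gw": gateway, "flags": flags, "iface": iface})
    return routes


def lookup(addr, routes):
    """Longest-prefix match, the same rule the kernel applies when forwarding."""
    addr = ipaddress.IPv4Address(addr)
    best = None
    for route in routes:
        if addr in route["net"] and (best is None or route["net"].prefixlen > best["net"].prefixlen):
            best = route
    return best


def covering_lan_subnet(addr, routes):
    """Directly attached, non-ppp subnet that contains addr, if any."""
    addr = ipaddress.IPv4Address(addr)
    for route in routes:
        on_link = route["gw"] == "0.0.0.0" and not route["iface"].startswith("ppp")
        if on_link and route["net"].prefixlen < 32 and addr in route["net"]:
            return route
    return None


def analyse_pool(pool_start, pool_end, routes):
    """Return {address: [finding codes]} for every address in the L2TP pool.

    Codes (this example's own labels):
      tunnel              - a /32 host route on a ppp interface exists (client connected)
      lan-overlap:<if>    - pool address sits in an attached LAN subnet; hosts on that
                            LAN ARP for it, so replies bypass the VPN server unless it
                            proxy-ARPs or NATs the pool (cause 2 in the thread)
      via-default:<gw>    - only the default route matches; the gateway must route the
                            pool back or the pool must be masqueraded (causes 1 and 2)
      no-route            - nothing matches at all
    """
    findings = {}
    start = int(ipaddress.IPv4Address(pool_start))
    end = int(ipaddress.IPv4Address(pool_end))
    for n in range(start, end + 1):
        addr = str(ipaddress.IPv4Address(n))
        codes = []
        route = lookup(addr, routes)
        if route is None:
            codes.append("no-route")
        elif route["iface"].startswith("ppp"):
            codes.append("tunnel")
        elif route["net"].prefixlen == 0:
            codes.append(f"via-default:{route['gw']}")
        lan = covering_lan_subnet(addr, routes)
        if lan is not None:
            codes.append(f"lan-overlap:{lan['iface']}")
        findings[addr] = codes
    return findings


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N_OUTPUT)
    for addr, codes in analyse_pool("192.168.5.60", "192.168.5.70", table).items():
        print(f"{addr:16} {', '.join(codes)}")
```

Run against the posted table, every pool address is reported as overlapping the eth0 subnet 192.168.5.0/24 and only the connected client (192.168.5.60) has a tunnel route; a pool chosen outside any attached subnet would instead show `via-default:192.168.1.254`, which is exactly the case where the upstream gateway, not the VPN server, decides where replies go.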