[Openswan Users] Tunnel will not stay up
Kit Peters
cpeters at ucmo.edu
Mon Nov 5 10:36:19 EST 2012
I should probably add my relevant .conf files:

/etc/ipsec.conf (kmos-vpn-bridge, local):

config setup
    protostack=netkey

conn Tipton
    #
    # ----------------------------------------------------------
    # Use a Preshared Key. Disable Perfect Forward Secrecy.
    # Initiate rekeying.
    # Connection type _must_ be Transport Mode.
    #
    authby=secret
    pfs=no
    rekey=yes
    keyingtries=3
    type=transport
    #
    # ----------------------------------------------------------
    # The local Linux machine that connects as a client.
    #
    # The external network interface is used to connect to the server.
    # If you want to use a different interface or if there is no
    # defaultroute, you can use: left=your.ip.addr.ess
    left=%defaultroute
    #
    leftprotoport=17/1701
    #
    # ----------------------------------------------------------
    # The remote server.
    #
    # Connect to the server at this IP address.
    right=<REMOTE IP>
    #
    rightprotoport=17/1701
    # ----------------------------------------------------------
    #
    # Change 'ignore' to 'add' to enable this configuration.
    #
    auto=add
    DPDACTion=restart_by_peer
    dpdtimeout=30
    dpddelay=3

/etc/xl2tpd/xl2tpd.conf (kmos-vpn-bridge, local):
[lac Tipton]
lns = <REMOTE IP>
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = <USERNAME>
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ipsec.conf (como-firewall, remote):

config setup
    oe=off
    protostack=netkey
    nat_traversal=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%no
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=<REMOTE IP>
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpdaction=restart_by_peer
    dpdtimeout=30
    dpddelay=3

/etc/xl2tpd/xl2tpd.conf (como-firewall, remote):
[global]
ipsec saref = no
listen-addr = <REMOTE IP>
[lns default]
ip range = 192.168.1.100 - 192.168.1.255
local ip = 192.168.1.1
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
name = <NAME>
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
--
Kit Peters (W0KEH), Engineer II
KMOS TV Channel 6 / KTBG 90.9 FM
University of Central Missouri
http://kmos.org/ | http://ktbg.fm/