[Openswan Users] CentOS 6.2 L2TP + IPsec
Syf
syf.lecho at laposte.net
Thu Nov 8 07:55:12 EST 2012
Hello,
Sorry, wrong manipulation, I forgot to add my issue:
Nov 8 13:53:44 microproliant xl2tpd[6642]: Maximum retries exceeded for
tunnel 22066. Closing.
Nov 8 13:53:44 microproliant xl2tpd[6642]: Connection 58713 closed to
90.84.144.125, port 57842 (Timeout)
Nov 8 13:53:46 microproliant nss_wins[6630]: ERROR: asynchronous network
error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071,
complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Nov 8 13:53:46 microproliant nss_wins[6630]: ERROR: asynchronous network
error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071,
complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Nov 8 13:53:47 microproliant nss_wins[6630]: ERROR: asynchronous network
error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071,
complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Nov 8 13:53:47 microproliant nss_wins[6630]: ERROR: asynchronous network
error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071,
complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Nov 8 13:53:49 microproliant nss_wins[6630]: ERROR: asynchronous network
error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071,
complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
I'm a bit lost so any help would be appreciated!
Julien
2012/11/8 Syf <syf.lecho at laposte.net>
> Hello,
>
> I would like to set up a VPN server for my personal usage to connect my
> devices to my home LAN from the internet, so it looks like this:
>
> Android ------|
>               | INTERNET |----- Internet IP + Modem/Router + 192.168.1.1 ------| LAN 192.168.1.0 |----- 192.168.1.3 + CentOS 6.2
> Laptop  ------|
>
> I'm using a dynamic DNS to reach my CentOS server from the web, and my
> router has the following routing rules:
> L2TP-IKE 0.0.0.0:500/UDP ---> 192.168.1.3:500/UDP
> L2TP-NAT 0.0.0.0:4500/UDP ---> 192.168.1.3:4500/UDP
> L2TP-Traffic 0.0.0.0:1701/UDP ---> 192.168.1.3:1701/UDP
>
> iptables is stopped on the server as my router handles the firewall.
>
> So I tried to follow some tutorials like:
>
> https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
>
> Here is my current configuration:
>
> /etc/ipsec.conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     # klipsdebug=none
>     # plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     protostack=netkey
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12s
>
>     oe=off
>
>     # Enable this if you see "failed to find any available worker"
>     nhelpers=0
>
> conn L2TP-PSK-NAT
>     rightsubnet=vhost:%no,%priv
>     also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>     leftnexthop=%defaultroute
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=3
>     rekey=no
>     type=transport
>     left=%defaultroute
>     # leftprotoport=17/%any
>     leftprotoport=17/1701
>     right=%any
>
> /etc/ipsec.d/l2tp.secrets
>
> 192.168.1.3 %any 0.0.0.0: PSK "pskpassword"
>
> /etc/xl2tpd/xl2tpd.conf
>
> [global]
> ; you cannot leave out listen-addr, causes possible wrong src ip on return packets
> listen-addr = 192.168.1.3
> ;ipsec saref = yes ; For SAref + MAST only
> debug tunnel = yes
> ;force userspace = yes
>
> [lns default]
> ip range = 192.168.1.150-192.168.1.200
> local ip = 192.168.1.3
> assign ip = yes
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = JubhomeVPN
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
> /etc/ppp/options.xl2tpd
>
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 192.168.1.1
> ms-dns 8.8.8.8
> noccp
> auth
> crtscts
> idle 1800
> mtu 1200
> mru 1200
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
>
> /etc/ppp/chap-secrets
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> user1 * user1pwd *
>
> Everything is set as it should be in /etc/sysctl.conf
>
>
> ipsec verify returns:
>
> ~> ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.6.38dr2/K2.6.32-220.17.1.el6.x86_64 (netkey)
> Checking for IPsec support in kernel                            [OK]
>  SAref kernel support                                           [N/A]
>  NETKEY: Testing XFRM related proc values                       [OK]
>                                                                 [OK]
>                                                                 [OK]
> Testing against enforced SElinux mode                           [OK]
> Checking that pluto is running                                  [OK]
>  Pluto listening for IKE on udp 500                             [OK]
>  Pluto listening for NAT-T on udp 4500                          [OK]
> Checking for 'ip' command                                       [OK]
> Checking /bin/sh is not /bin/dash                               [WARNING]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
>
>
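Triage of the two failure signatures in the log excerpt at the top of this message, as an added example in POSIX sh that is not part of the original post and is not xl2tpd's or Openswan's own tooling. SAMPLE_LOG is constructed inline to match the shape of the quoted lines (the peer address and ports are copied from the message only as illustration), and the function names are my own. The second signature is an ICMP type 3 code 3, port unreachable: the kernel queued an error on the server's UDP 4500 (NAT-T) socket saying that the peer address refused packets sent to its port 21071, and "(not authenticated)" is Openswan's reminder that ICMP carries no authentication, so a lone report could be forged; the first signature is xl2tpd closing an L2TP control connection after its retransmissions went unanswered.

```shell
#!/bin/sh
# Added example, not part of the original message or of xl2tpd/Openswan:
# sort the two failure signatures from the quoted syslog excerpt.
# SAMPLE_LOG is constructed to match the shape of those lines; the peer
# address and ports are copied from the message only as illustration.

SAMPLE_LOG='Nov 8 13:53:44 microproliant xl2tpd[6642]: Maximum retries exceeded for tunnel 22066. Closing.
Nov 8 13:53:44 microproliant xl2tpd[6642]: Connection 58713 closed to 90.84.144.125, port 57842 (Timeout)
Nov 8 13:53:46 microproliant nss_wins[6630]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071, complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Nov 8 13:53:47 microproliant nss_wins[6630]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 90.84.144.125 port 21071, complainant 90.84.144.125: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]'

# count_l2tp_timeouts LOG: L2TP control connections that xl2tpd closed after
# its retransmissions went unanswered. "|| true" keeps grep's "no match" exit
# status from aborting a caller running under set -e; grep prints 0 anyway.
count_l2tp_timeouts() {
  printf '%s\n' "$1" | grep -c 'xl2tpd\[[0-9]*\]: Connection [0-9]* closed to .* (Timeout)' || true
}

# count_natt_port_unreachable LOG: ICMP port-unreachable (type 3, code 3)
# errors the kernel queued on the UDP 4500 NAT-T socket. ICMP is unauthenticated,
# so one report proves little; a steady stream from the peer address does.
count_natt_port_unreachable() {
  printf '%s\n' "$1" | grep -c 'sport=4500.*ICMP type 3 code 3' || true
}

# natt_unreachable_peers LOG: unique peer ip:port pairs that refused our NAT-T packets.
natt_unreachable_peers() {
  printf '%s\n' "$1" \
    | sed -n 's/.*(sport=4500) for message to \([0-9.]*\) port \([0-9]*\),.*/\1:\2/p' \
    | sort -u
}

# triage LOG: one-word verdict. The NAT-T port-unreachable outranks the L2TP
# timeout because the L2TP control channel rides inside the IPsec transport SA,
# so its retransmissions go nowhere once that UDP path is refused.
triage() {
  if [ "$(count_natt_port_unreachable "$1")" -gt 0 ]; then
    echo natt-port-unreachable
  elif [ "$(count_l2tp_timeouts "$1")" -gt 0 ]; then
    echo l2tp-timeout
  else
    echo clean
  fi
}
```

Against a live box the same functions take `"$(grep -E 'xl2tpd|sport=4500' /var/log/messages)"` as their argument; the peer list from natt_unreachable_peers is the address and NAT-mapped port to compare with what the client side believes it is sending from.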
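A lint of the posted ipsec.conf against the L2TP settings used on the Openswan wiki page the message links to, as an added example in POSIX sh that is not from the original message and not from Openswan. POSTED_CONF is a constructed copy of the config setup and conn sections quoted above (the wrapped virtual_private line re-joined); FIXED_CONF is the same text with the two things the lint flags changed: the trailing "s" on 172.16.0.0/12s, which is not a valid CIDR, and a rightprotoport=17/%any line, which the wiki's L2TP-PSK-noNAT conn has and the posted one does not. The checks for nat_traversal=yes, type=transport and leftprotoport=17/1701 pass on the posted config. conf_get, lint_ipsec_conf and count_findings are my own names. Whether these two differences cause the timeouts is not established by the thread; the lint only makes them visible.

```shell
#!/bin/sh
# Added example, not from the original post and not Openswan's own tooling:
# lint the L2TP/IPsec settings of an ipsec.conf. POSTED_CONF and FIXED_CONF
# are constructed inline; conf_get, lint_ipsec_conf, count_findings are my names.

POSTED_CONF='version 2.0
config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12s
    oe=off
    nhelpers=0

conn L2TP-PSK-NAT
    rightsubnet=vhost:%no,%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    leftnexthop=%defaultroute
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=%any'

# Same text with the malformed CIDR repaired and rightprotoport added after right=%any.
FIXED_CONF=$(printf '%s\n' "$POSTED_CONF" \
  | sed 's#172\.16\.0\.0/12s#172.16.0.0/12#' \
  | awk '{ print } /^[ \t]*right=%any[ \t]*$/ { print "    rightprotoport=17/%any" }')

# conf_get SECTION KEY CONF: value of KEY inside "config SECTION" or "conn SECTION",
# empty when absent. Understands only the one "key=value" per line layout;
# "include" directives and "also=" indirection are not followed.
conf_get() {
  printf '%s\n' "$3" | awk -v sec="$1" -v key="$2" '
    /^(config|conn)[ \t]+/ { cur = $2; next }
    cur == sec {
      line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
      n = index(line, "=")
      if (n > 0 && substr(line, 1, n - 1) == key) { print substr(line, n + 1); exit }
    }'
}

# lint_ipsec_conf CONF: one finding per line on stdout, nothing when clean.
lint_ipsec_conf() {
  conf=$1
  [ "$(conf_get setup nat_traversal "$conf")" = yes ] \
    || echo "config setup: nat_traversal=yes is missing (needed for clients behind NAT)"
  # virtual_private is a comma list of %v4:CIDR / %v6:CIDR entries; validate the v4 ones.
  conf_get setup virtual_private "$conf" | tr ',' '\n' | while read -r ent; do
    case $ent in
      %v4:*) cidr=${ent#%v4:}
             printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' \
               || echo "config setup: virtual_private entry '$ent' is not a valid IPv4 CIDR" ;;
      %v6:*) ;;
      '')    ;;
      *)     echo "config setup: virtual_private entry '$ent' lacks a %v4:/%v6: prefix" ;;
    esac
  done
  # The wiki's transport-mode L2TP conn: UDP 1701 on our side, any single UDP port on the client's.
  for want in type=transport leftprotoport=17/1701 rightprotoport=17/%any; do
    key=${want%%=*}; val=${want#*=}
    [ "$(conf_get L2TP-PSK-noNAT "$key" "$conf")" = "$val" ] \
      || echo "conn L2TP-PSK-noNAT: expected $want"
  done
}

# count_findings CONF: number of lint findings.
count_findings() {
  lint_ipsec_conf "$1" | wc -l | tr -d ' '
}
```

On a real host run `lint_ipsec_conf "$(cat /etc/ipsec.conf)"`; because the parser does not follow `also=`, keep the checked keys in the L2TP-PSK-noNAT conn itself, as the posted config does.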
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20121108/b0cea1d4/attachment-0001.html>