[Openswan Users] Openswan on ubuntu 12.04 - L2TP connections doesn't go through and system hangs

Nagabhushana R rnbhushana at yahoo.co.in
Wed Oct 17 13:02:32 EDT 2012


Hi,
  Paul Wouters asked me to verify my config against the sample config at the openswan wiki. There were a couple of small differences. I think I had missed listen-addr = in the xl2tpd.conf file. I added that.


Also I changed my ipsec.conf to be more like what is mentioned in the wiki link below. Now the IPSec SA itself is not coming up. The logs on my server say

"L2TP-PSK"[1] 106.198.122.153 #1: the peer proposed: 12.23.11.78/32:17/1701 -> 106.198.122.153/32:17/0
"L2TP-PSK"[1] 106.198.122.153 #1: peer proposal was reject in a virtual connection policy because:
"L2TP-PSK"[1] 106.198.122.153 #1:   a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
"L2TP-PSK"[1] 106.198.122.153 #1: peer proposal was reject in a virtual connection policy because:
"L2TP-PSK"[1] 106.198.122.153 #1:   a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
"L2TP-PSK"[1] 106.198.122.153 #1: cannot respond to IPsec SA request because no connection is known for 12.23.11.78<12.23.11.78>[+S=C]:17/1701...106.198.122.153[+S=C]:17/%any
"L2TP-PSK"[1] 106.198.122.153 #1: sending encrypted notification INVALID_ID_INFORMATION to 106.198.122.153:500


my ipsec.conf is

config setup
        dumpdir=/var/run/pluto/
        #nat_traversal=yes 
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12
        oe=off 
        protostack=netkey
        interfaces="%defaultroute"


conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    rekey=no
    ikelifetime=8h
    keyingtries=3
    keylife=1h
    type=transport
    #left=192.168.1.108
    left=12.23.11.78
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv


This device is not behind any other GW, so I disabled NAT Traversal. I guess that is fine.

Earlier I had my ipsec.conf as per the one mentioned here http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu and the SA used to come up.


Also the xl2tpd.conf now looks like

[global]       ; Global parameters:
ipsec saref = yes
listen-addr = 12.23.11.78


[lns default]
ip range = 192.168.1.5-192.168.1.50
local ip = 192.168.1.108
assign ip = yes
require chap = yes
;refuse chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


It would really be of help if you could validate this config once. I am trying this for the first time and do not really know the ipsec/l2tp world much.

--Bhushana






>________________________________
> From: Kit Peters <cpeters at ucmo.edu>
>To: Nagabhushana R <rnbhushana at yahoo.co.in> 
>Cc: "users at lists.openswan.org" <users at lists.openswan.org> 
>Sent: Wednesday, 17 October 2012 8:00 PM
>Subject: Re: [Openswan Users] Openswan on ubuntu 12.04 - L2TP connections doesn't go through and system hangs
> 
>
>Bhushana -
>
>
>Please post your xl2tpd.conf (or the config file for whatever L2TP implementation you use) and your ipsec.conf.  
>
>
>KP
>
>
>On Mon, Oct 15, 2012 at 8:23 AM, Nagabhushana R <rnbhushana at yahoo.co.in> wrote:
>
>>Hi,
>>
>>server: Openswan 2.6.37-1 on ubuntu 12.04
>>Client - Mac OSx 10.7.4
>>
>>I have setup the server mostly based on the configurations mentioned at http://blog.riobard.com/2010/04/30/l2tp-over-ipsec-ubuntu
>>and I also cross verified them against the examples given at https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
>>
>>The IPSec connection goes through fine, but the l2tpd connection doesn't.
>>Logs on my Mac Client
>>
>>Oct 15 16:55:41 1921681104 pppd[4626]: IPSec connection started
>>Oct 15 16:55:41 1921681104 racoon[4627]: Connecting.
>>Oct 15 16:55:41 1921681104 racoon[4627]: IPSec Phase1 started (Initiated by me).
>>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
>>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
>>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
>>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
>>Oct 15 16:55:41 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase1 established (Initiated by me).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase2 started (Initiated by me).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
>>Oct 15 16:55:42 1921681104 racoon[4627]: IPSec Phase2 established (Initiated by me).
>>Oct 15 16:55:42 1921681104 pppd[4626]: IPSec connection established
>>Oct 15 16:56:02 1921681104 pppd[4626]: L2TP cannot connect to the server
>>
>>I verified that xl2tpd is running and bound to the correct ports.
>>
>>Any pointers to what I am missing here would be of great help.
>>
>>Thanks
>>
>>--
>>Bhushana
>>
>>
>>
>>
>>
>
>
>
>-- 
>
>-Kit Peters (W0KEH), Engineer II
>KMOS TV Channel 6 / KTBG 90.9 FM
>University of Central Missouri
>http://kmos.org/ | http://ktbg.fm/
>
>
>
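
An added example, not part of the original message and not Openswan code: a simplified Python model of the virtual_private check behind the rejection in the server log above. It takes the "the peer proposed" log line and the virtual_private= value from the message; the function names, the constructed NATed-client line used to test it, and the %no keyword (from Openswan's ipsec.conf documentation, not from this thread) are assumptions of the example.

```python
import ipaddress
import re

# Values copied from the message above.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12"
LOG_LINE = ('"L2TP-PSK"[1] 106.198.122.153 #1: the peer proposed: '
            '12.23.11.78/32:17/1701 -> 106.198.122.153/32:17/0')

# Captures the peer address and the client network the peer proposed.
PROPOSAL = re.compile(
    r'^"[^"]+"\[\d+\] (?P<peer>\S+) #\d+: the peer proposed: '
    r'\S+ -> (?P<client>[^\s/]+/\d+):\d+/\d+$')


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        family, _, net = entry.partition(":")
        if family not in ("%v4", "%v6"):
            raise ValueError(f"unexpected entry: {entry!r}")
        # A leading "!" marks a network that must never be accepted.
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!"), strict=False))
    return allowed, excluded


def evaluate(log_line, virtual_private, vhost="%priv"):
    """Return (accepted, reason) for the client network in a proposal line."""
    m = PROPOSAL.match(log_line)
    if m is None:
        raise ValueError("not a 'the peer proposed' line")
    client = ipaddress.ip_network(m["client"], strict=False)
    allowed, excluded = parse_virtual_private(virtual_private)
    methods = vhost.split(",")
    # %no (assumed from Openswan docs): client is the peer's own address.
    if "%no" in methods and client == ipaddress.ip_network(m["peer"]):
        return True, "client is the peer's own address (%no)"
    if "%priv" in methods:
        same = lambda n: n.version == client.version
        if any(same(n) and client.overlaps(n) for n in excluded):
            return False, f"{client} is excluded by virtual_private"
        if any(same(n) and client.subnet_of(n) for n in allowed):
            return True, f"{client} is inside virtual_private (%priv)"
    return False, f"{client} did not match virtual_private"
```

With the posted values, evaluate(LOG_LINE, VIRTUAL_PRIVATE) returns a rejection, because the proposed client 106.198.122.153/32 is the peer's public address and lies in none of the three listed ranges.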