[Openswan Users] ipsec+l2tp vpn failed

Elison Niven elison.niven at elitecore.com
Tue Sep 25 03:21:30 EDT 2012


Why don't you start by correcting these errors first:

Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR
"/etc/ipsec.secrets" line 1: index "%any:PSK" non-hex field in IPv6 numeric
address
Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR
"/etc/ipsec.secrets" line 1: index "yyuiGTH" does not look numeric and name
lookup failed

On Tue, Sep 25, 2012 at 12:20 PM, xutingting <t.t.xu at outsideheaven.com> wrote:
> Hi,
>
> I have installed openswan-2.6.24 and xl2tp on my VPS; I used yum to install
> xl2tpd. After installing and configuring, the VPN did not work. It showed error
> code 691, but the username and password were all correct.
>
> I have checked the log.
> =====================
> log file:
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: ...Openswan
> IPsec stopped
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: NET: Registered
> protocol family 15
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: Starting
> Openswan IPsec U2.6.24/K2.6.18-308.11.1.el5xen...
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: Using
> NETKEY(XFRM) stack
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: ipv6 esp init:
> can't add xfrm type
> Sep 24 09:20:24 acf9f826-1201-4213-9ac7-2c1fc1579e88 kernel: ipv6 ah init: can't
> add xfrm type
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec_setup: ...Openswan
> IPsec started
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 pluto: adjusting ipsec.d to
> /etc/ipsec.d
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: adjusting
> ipsec.d to /etc/ipsec.d
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 002 added
> connection description "L2TP-PSK-NAT"
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 002 added
> connection description "L2TP-PSK-noNAT"
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-
> Traversal: Trying new style NAT-T
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-
> Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 NAT-
> Traversal: Trying old style NAT-T
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR
> "/etc/ipsec.secrets" line 1: index "%any:PSK" non-hex field in IPv6 numeric
> address
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003 ERROR
> "/etc/ipsec.secrets" line 1: index "yyuiGTH" does not look numeric and name
> lookup failed
> Sep 24 09:20:25 acf9f826-1201-4213-9ac7-2c1fc1579e88 ipsec__plutorun: 003
> "/etc/ipsec.secrets" line 1: unexpected end of id list
> Sep 25 00:04:14 acf9f826-1201-4213-9ac7-2c1fc1579e88 auditd[1226]: Audit daemon
> rotating log files
> ================
>
> The information in my ipsec.conf:
> config setup
>    dumpdir=/var/run/pluto/
>    nat_traversal=yes
>    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
>    oe=off
>    protostack=netkey
> conn L2TP-PSK-NAT
>     rightsubnet=vhost:%priv
>     also=L2TP-PSK-noNAT
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=3
>     rekey=no
>     ikelifetime=8h
>     keylife=1h
>     type=transport
>     left=My server Ip
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/%any
>
> ipsec.secrets:
> My server Ip %any:PSK yyuiGTH
>
> Thanks for any help.
>

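The errors quoted in the reply come from the layout of the `ipsec.secrets` entry: pluto read `%any:PSK` and the bare key as further indices and never found the `:` that ends the index list. The following is an added example, not part of the original thread or of Openswan: a small linter for PSK entries that expects the man-page layout `index index : PSK "secret"`. The address 192.0.2.10 and the key `ExamplePSK` are constructed sample values.

```python
import re

# Index list, a stand-alone ":", the secret type, then the secret itself.
ENTRY = re.compile(r'^(?P<ids>.*?)(?:^|\s):\s+(?P<kind>\S+)\s+(?P<secret>.+)$')
# A ":" glued to the preceding index and/or to the secret type.
GLUED = re.compile(r'\S*?(:)(?=\s|PSK\b|RSA\b|XAUTH\b)')
# PSK given as a double-quoted string or as a 0x/0s/0t numeric value.
SECRET_OK = re.compile(r'^(?:"[^"]*"|0[xst]\S+)$', re.I)


def lint_secrets(text):
    """Return (line_number, message) pairs for malformed PSK entries."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or raw[0].isspace():
            continue  # blank, comment, or continuation of a multi-line key
        m = ENTRY.match(line)
        if not m:
            glued = GLUED.search(line)
            if not glued:
                problems.append((n, "no ':' between index list and secret"))
                continue
            problems.append(
                (n, f"':' must be a separate token, found {glued.group(0)!r}"))
            # Split the glued token so the secret itself can still be checked.
            line = line[:glued.start(1)] + " : " + line[glued.end(1):]
            m = ENTRY.match(line)
        if m and m["kind"] == "PSK" and not SECRET_OK.match(m["secret"].strip()):
            problems.append(
                (n, 'PSK value must be double-quoted (or 0x/0s/0t numeric)'))
    return problems


# Constructed sample: line 1 has the shape of the entry posted in the thread,
# line 2 is the same entry in the expected layout.
SAMPLE = (
    '192.0.2.10 %any:PSK ExamplePSK\n'
    '192.0.2.10 %any : PSK "ExamplePSK"\n'
)

if __name__ == "__main__":
    for lineno, msg in lint_secrets(SAMPLE):
        print(f"ipsec.secrets line {lineno}: {msg}")
```
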
