[Openswan Users] Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)

Yang Zhang yanghatespam at gmail.com
Tue Feb 5 22:21:10 EST 2013


Hi Bob, you're right - that made progress, but I am still unable to
connect.  I updated my question in light of your answer.  Any idea why
ipsec is ignoring the connection?

I noticed that the auth.log now mentions ESP.  At first I thought this
might be a problem, since (AFAICT) the EC2 firewall (which can't be
disabled) doesn't have any options to permit/route ESP packets.  But,
observing tshark output on the client, it doesn't appear any are even
being sent.

(If ESP will indeed pose a problem eventually, if not now, what's the
easiest configuration for an alternative mode of transport?)

Thanks for any answers.

On Sat, Feb 2, 2013 at 12:32 AM, Bob Miller <bob at computerisms.ca> wrote:
> I see.
>
> then my guess would be left=MY.PUBLIC.IP.ADDRESS would be the problem,
> since this is looking for a connection at 10.252.194.250:500.  I would
> expect it should be left=ipofethx, but I have never put openswan behind
> nat before, so not sure how that works....
> --
> Computerisms
> Bob Miller
> 867-334-7117 / 867-633-3760
> http://computerisms.ca
>
>
> On Fri, 2013-02-01 at 23:22 -0800, Yang Zhang wrote:
>> Yes, if you scroll down the you'll see that in the /etc/ipsec.conf.
>>
>> On Fri, Feb 1, 2013 at 9:19 PM, Bob Miller <bob at computerisms.ca> wrote:
>> > Feb  2 00:27:49 ip-10-252-194-250 pluto[3845]: packet from
>> > 64.236.139.254:8514: initial Main Mode message received on
>> > 10.252.194.250:500 but no connection has been authorized with policy=PSK
>> >
>> >
>> > do you have authby=secret in your conn?
>> >
>> >
>> > --
>> > Computerisms
>> > Bob Miller
>> > 867-334-7117 / 867-633-3760
>> > http://computerisms.ca
>> >
>> >
>> > On Fri, 2013-02-01 at 18:15 -0800, Yang Zhang wrote:
>> >> Hi, thought I'd try this list for help with my question:
>> >>
>> >> http://serverfault.com/questions/474742/simple-l2tp-ipsec-server-not-working-openswan-xl2tpd-ubuntu-windows
>> >>
>> >> Thanks a lot, really appreciate it!
>> >> _______________________________________________
>> >> Users at lists.openswan.org
>> >> https://lists.openswan.org/mailman/listinfo/users
>> >> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> >> Building and Integrating Virtual Private Networks with Openswan:
>> >> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>> >
>> > _______________________________________________
>> > Users at lists.openswan.org
>> > https://lists.openswan.org/mailman/listinfo/users
>> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> > Building and Integrating Virtual Private Networks with Openswan:
>> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>>
>



-- 
Yang Zhang
http://yz.mit.edu/


More information about the Users mailing list