[Openswan Users] Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)
Yang Zhang
yanghatespam at gmail.com
Wed Feb 6 12:58:05 EST 2013
Thanks, I see that that should help me avoid ESP problems. However,
it doesn't seem to have affected whatever is the present roadblock.

On Tue, Feb 5, 2013 at 10:01 PM, Leto <letoams at gmail.com> wrote:
> forceencaps=yes
>
> On the road...
>
> On 2013-02-05, at 22:21, Yang Zhang <yanghatespam at gmail.com> wrote:
>
>> Hi Bob, you're right - that made progress, but I am still unable to
>> connect. I updated my question in light of your answer. Any idea why
>> ipsec is ignoring the connection?
>>
>> I noticed that the auth.log now mentions ESP. At first I thought this
>> might be a problem, since (AFAICT) the EC2 firewall (which can't be
>> disabled) doesn't have any options to permit/route ESP packets. But,
>> observing tshark output on the client, it doesn't appear any are even
>> being sent.
>>
>> (If ESP will indeed pose a problem eventually, if not now, what's the
>> easiest configuration for an alternative mode of transport?)
>>
>> Thanks for any answers.
>>
>> On Sat, Feb 2, 2013 at 12:32 AM, Bob Miller <bob at computerisms.ca> wrote:
>>> I see.
>>>
>>> then my guess would be left=MY.PUBLIC.IP.ADDRESS would be the problem,
>>> since this is looking for a connection at 10.252.194.250:500. I would
>>> expect it should be left=ipofethx, but I have never put openswan behind
>>> nat before, so not sure how that works....
>>> --
>>> Computerisms
>>> Bob Miller
>>> 867-334-7117 / 867-633-3760
>>> http://computerisms.ca
>>>
>>>
>>> On Fri, 2013-02-01 at 23:22 -0800, Yang Zhang wrote:
>>>> Yes, if you scroll down you'll see that in the /etc/ipsec.conf.
>>>>
>>>> On Fri, Feb 1, 2013 at 9:19 PM, Bob Miller <bob at computerisms.ca> wrote:
>>>>> Feb 2 00:27:49 ip-10-252-194-250 pluto[3845]: packet from
>>>>> 64.236.139.254:8514: initial Main Mode message received on
>>>>> 10.252.194.250:500 but no connection has been authorized with policy=PSK
>>>>>
>>>>>
>>>>> do you have authby=secret in your conn?
>>>>>
>>>>>
>>>>> --
>>>>> Computerisms
>>>>> Bob Miller
>>>>> 867-334-7117 / 867-633-3760
>>>>> http://computerisms.ca
>>>>>
>>>>>
>>>>> On Fri, 2013-02-01 at 18:15 -0800, Yang Zhang wrote:
>>>>>> Hi, thought I'd try this list for help with my question:
>>>>>>
>>>>>> http://serverfault.com/questions/474742/simple-l2tp-ipsec-server-not-working-openswan-xl2tpd-ubuntu-windows
>>>>>>
>>>>>> Thanks a lot, really appreciate it!
>>>>>> _______________________________________________
>>>>>> Users at lists.openswan.org
>>>>>> https://lists.openswan.org/mailman/listinfo/users
>>>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>>
>>
>>
>>
>> --
>> Yang Zhang
>> http://yz.mit.edu/
--
Yang Zhang
http://yz.mit.edu/
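
The check that Bob Miller's replies point at, written out as an added example that is not part of the original thread: it takes the pluto rejection line quoted above and reports, for each conn in an ipsec.conf, whether its left= and authby= could match the packet. The conn names and 203.0.113.10 (a documentation-range stand-in for MY.PUBLIC.IP.ADDRESS) are constructed, the parser ignores also= and include lines, and treating left=%defaultroute as the receiving address is an assumption.

```python
import re

# Constructed sample: the pluto log line quoted in the thread, joined onto one line.
LOG = ("Feb 2 00:27:49 ip-10-252-194-250 pluto[3845]: packet from "
       "64.236.139.254:8514: initial Main Mode message received on "
       "10.252.194.250:500 but no connection has been authorized with policy=PSK")

# Constructed sample config; conn names and 203.0.113.10 are placeholders.
CONF = """\
conn l2tp-public
    authby=secret
    left=203.0.113.10

conn l2tp-private
    authby=secret
    left=10.252.194.250
    forceencaps=yes
"""

REJECT = re.compile(r"packet from (?P<peer>[\d.]+):\d+: initial Main Mode message "
                    r"received on (?P<local>[\d.]+):\d+ but no connection has been "
                    r"authorized with policy=(?P<policy>\S+)")

def parse_conns(text):
    """Return {conn_name: {key: value}} for a simplified ipsec.conf (no also=/include)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()           # drop comments and trailing space
        if line and not line[0].isspace():             # section header, e.g. "conn name"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:      # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def diagnose(log_line, conf_text):
    """Map each conn to the reasons it cannot answer the rejected packet ([] = candidate)."""
    m = REJECT.search(log_line)
    if m is None:
        return None
    report = {}
    for name, opts in parse_conns(conf_text).items():
        reasons = []
        # Assumption: %defaultroute resolves to the address the packet arrived on.
        if opts.get("left") not in (m["local"], "%defaultroute"):
            reasons.append(f"left={opts.get('left')} is not the receiving address {m['local']}")
        if m["policy"] == "PSK" and opts.get("authby", "rsasig") != "secret":
            reasons.append("authby is not secret")
        report[name] = reasons
    return report
```

Calling `diagnose(LOG, CONF)` flags the conn whose left= is the public address and leaves the one bound to 10.252.194.250 as a candidate.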