[Openswan Users] Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)
Bob Miller
bob at computerisms.ca
Wed Feb 6 12:58:57 EST 2013
STATE_QUICK_R2: IPsec SA established transport mode
This line here ^^ means that your ipsec tunnel is established.
This (generally) means your problem could be one of two things: l2tp
layer is rejecting you; iptables is blocking you. I would start with
the l2tp logs and see what you find there. failing that, your two best
friends to figure out what is happening are tcpdump and "iptables
(filters here) -j LOG"
--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
On Tue, 2013-02-05 at 19:21 -0800, Yang Zhang wrote:
> Hi Bob, you're right - that made progress, but I am still unable to
> connect. I updated my question in light of your answer. Any idea why
> ipsec is ignoring the connection?
>
> I noticed that the auth.log now mentions ESP. At first I thought this
> might be a problem, since (AFAICT) the EC2 firewall (which can't be
> disabled) doesn't have any options to permit/route ESP packets. But,
> observing tshark output on the client, it doesn't appear any are even
> being sent.
>
> (If ESP will indeed pose a problem eventually, if not now, what's the
> easiest configuration for an alternative mode of transport?)
>
> Thanks for any answers.
>
> On Sat, Feb 2, 2013 at 12:32 AM, Bob Miller <bob at computerisms.ca> wrote:
> > I see.
> >
> > then my guess would be left=MY.PUBLIC.IP.ADDRESS would be the problem,
> > since this is looking for a connection at 10.252.194.250:500. I would
> > expect it should be left=ipofethx, but I have never put openswan behind
> > nat before, so not sure how that works....
> > --
> > Computerisms
> > Bob Miller
> > 867-334-7117 / 867-633-3760
> > http://computerisms.ca
> >
> >
> > On Fri, 2013-02-01 at 23:22 -0800, Yang Zhang wrote:
> >> Yes, if you scroll down the you'll see that in the /etc/ipsec.conf.
> >>
> >> On Fri, Feb 1, 2013 at 9:19 PM, Bob Miller <bob at computerisms.ca> wrote:
> >> > Feb 2 00:27:49 ip-10-252-194-250 pluto[3845]: packet from
> >> > 64.236.139.254:8514: initial Main Mode message received on
> >> > 10.252.194.250:500 but no connection has been authorized with policy=PSK
> >> >
> >> >
> >> > do you have authby=secret in your conn?
> >> >
> >> >
> >> > --
> >> > Computerisms
> >> > Bob Miller
> >> > 867-334-7117 / 867-633-3760
> >> > http://computerisms.ca
> >> >
> >> >
> >> > On Fri, 2013-02-01 at 18:15 -0800, Yang Zhang wrote:
> >> >> Hi, thought I'd try this list for help with my question:
> >> >>
> >> >> http://serverfault.com/questions/474742/simple-l2tp-ipsec-server-not-working-openswan-xl2tpd-ubuntu-windows
> >> >>
> >> >> Thanks a lot, really appreciate it!
> >> >> _______________________________________________
> >> >> Users at lists.openswan.org
> >> >> https://lists.openswan.org/mailman/listinfo/users
> >> >> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >> >> Building and Integrating Virtual Private Networks with Openswan:
> >> >> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >> >
> >> > _______________________________________________
> >> > Users at lists.openswan.org
> >> > https://lists.openswan.org/mailman/listinfo/users
> >> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >> > Building and Integrating Virtual Private Networks with Openswan:
> >> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >>
> >>
> >>
> >
>
>
>
More information about the Users
mailing list