[Openswan Users] xl2tpd tunnel not working?

shamsat shamsat at zoho.com
Wed Jan 9 11:50:40 EST 2013


I use a dial-up connection with a dynamic IP on Debian wheezy to connect to the Internet, and I want to set up an L2TP tunnel with xl2tpd and Openswan. This is my ipsec.conf:


 version 2.0
# Openswan ipsec.conf as posted: one PSK-authenticated transport-mode
# connection that protects L2TP (UDP 1701) traffic to a single peer.
config setup 
      dumpdir=/var/run/pluto/
      # Enable NAT-Traversal (ESP carried inside UDP when a NAT is detected).
      nat_traversal=yes
      # NOTE(review): 192.168.1.0/24 is listed as an allowed virtual subnet,
      # yet the status output in this post shows eth0 on 192.168.1.1 and
      # pluto warns that no subnets are disallowed. A range that is in local
      # use is normally excluded with a "!" entry (%v4:!192.168.1.0/24).
      virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12
      # Opportunistic encryption is switched off.
      oe=off
      # Use the kernel's native NETKEY IPsec stack.
      protostack=netkey
      # pluto logs here; check this file when a negotiation fails.
      plutostderrlog=/var/log/pluto.log
      interfaces="%defaultroute"

conn L2TP-PSK-NAT

      # Accept a peer that presents a private address from virtual_private.
      # NOTE(review): this form usually appears on the responder side;
      # confirm it is needed on a host that initiates the connection.
      rightsubnet=vhost:%priv
      # NOTE(review): no conn named "shamsme" appears in this listing.
      # Presumably it was renamed to "mypc" when posting, since the status
      # output shows this conn with the same parameters as mypc; confirm.
      also=shamsme

conn  mypc
      
      # Pre-shared-key authentication; the key lives in ipsec.secrets (not
      # shown). The connection is only as strong as that key is long,
      # random and private.
      authby=secret
      # No additional Diffie-Hellman exchange in Quick Mode, so the IPsec SA
      # keys are derived from the IKE SA's keying material.
      pfs=no
      # Load the connection only; it is brought up by hand with
      # "ipsec auto --up mypc".
      auto=add
      keyingtries=3
      # Never initiate rekeying (shown as DONTREKEY in the status output).
      rekey=no
      # IKE SA lifetime (28800s) and IPsec SA lifetime (3600s).
      ikelifetime=8h
      keylife=1h
      # Transport mode: host-to-host protection, narrowed by the protoport
      # lines below to protocol 17 (UDP) port 1701, i.e. L2TP only.
      type=transport
      # Local address and next hop are taken from the default route
      # (ppp0 in the status output).
      left=%defaultroute
      leftnexthop=%defaultroute
      leftprotoport=17/1701
      # The remote L2TP/IPsec peer.
      right=217.147.94.149
      rightprotoport=17/1701
After configuring all the config files, I run these commands:

/etc/init.d/ipsec start
/etc/init.d/xl2tpd start 
ipsec auto --up mypc 
echo "c mypc" > /var/run/xl2tpd/l2tp-control
But the L2TP tunnel is not working, and I don't see any extra pppX interface for the L2TP connection in ifconfig; there are only eth0, lo and ppp0. This is the output of
ipsec auto --status:

#ipsec auto --status 
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.1.1
000 interface eth0/eth0 192.168.1.1
000 interface ppp0/ppp0 116.104.228.195
000 interface ppp0/ppp0 116.104.228.195
000 %myid = (none)
000 debug none
000 
000 virtual_private (%priv):
000 - allowed 3 subnets: 10.0.0.0/8, 192.168.1.0/24, 172.16.0.0/12
000 - disallowed 0 subnets: 
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have 
000 private address space in internal use, it should be excluded!
000 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000 
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000 
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000 
000 "L2TP-PSK-NAT": 116.104.228.195[+S=C]:17/1701---116.104.228.2...217.147.94.149<217.147.94.149>[+S=C]:17/1701===217.147.94.149/32; unrouted; eroute owner: #0
000 "L2TP-PSK-NAT": myip=unset; hisip=unset;
000 "L2TP-PSK-NAT": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "L2TP-PSK-NAT": policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: ppp0; 
000 "L2TP-PSK-NAT": newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "mypc": 116.104.228.195[+S=C]:17/1701---116.104.228.2...217.147.94.149<217.147.94.149>[+S=C]:17/1701; erouted; eroute owner: #2
000 "mypc": myip=unset; hisip=unset;
000 "mypc": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "mypc": policy: PSK+ENCRYPT+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: ppp0; 
000 "mypc": newest ISAKMP SA: #1; newest IPsec SA: #2; 
000 "mypc": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 
000 #2: "mypc":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE_IF_USED in 2533s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "mypc" esp.c8b8a3a3 at 217.147.94.149 esp.bf2a9648 at 116.104.228.195 ref=0 refhim=4294901761
000 #1: "mypc":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE_IF_USED in 28023s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate 

any help please?

 
 
