[Openswan Users] help
Gabriel Rojas
306272817 at ciencias.unam.mx
Thu Jun 26 20:24:54 EDT 2014
Hello, I'm a relative newbie user and I'm trying to establish a VPN
with a commercial server, so I don't know all the details for the
connection. It's called Viatun and can be found at viatun.com, where
they have some instructions to connect to Windows and Mac with a
server on usi1.viatun.com which lives at 208.94.234.83. I have been
looking all over the Internet for some help, but I haven't found a
guide that can help me. Anyway, here is what I have done.
My ipsec.conf file:
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey
    oe=no
    plutoopts="--interface=wlan0"

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.70
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=208.94.234.83
    rightprotoport=17/1701
My ipsec.secrets file:
192.168.1.70 208.94.234.83 : PSK "xxxxx"
My xl2tpd.conf file:
[lac viatun]
lns = 208.94.234.83
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
My options.l2tpd.client file:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name XXXXXXX at XXXXX.XXX
password XXXXXXXXX
And this is what I get with ipsec verify:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.2.0-4-powerpc (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Hardware RNG detected, testing if used properly [FAILED]
Hardware RNG is present but 'rngd' or 'clrngd' is not running.
No harware random used!
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
Not sure how to fix the FAILED result from the Hardware RNG check.
And after restarting ipsec and xl2tpd and running ipsec auto --up
L2TP-PSK I get this:
104 "L2TP-PSK" #1: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #1: received Vendor ID payload [RFC 3947] method set to=109
003 "L2TP-PSK" #1: received Vendor ID payload [Dead Peer Detection]
106 "L2TP-PSK" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2TP-PSK" #1: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): i am NATed
108 "L2TP-PSK" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "L2TP-PSK" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
117 "L2TP-PSK" #2: STATE_QUICK_I1: initiate
003 "L2TP-PSK" #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
003 "L2TP-PSK" #2: malformed payload in packet
010 "L2TP-PSK" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "L2TP-PSK" #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
003 "L2TP-PSK" #2: malformed payload in packet
010 "L2TP-PSK" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
003 "L2TP-PSK" #2: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
003 "L2TP-PSK" #2: malformed payload in packet
031 "L2TP-PSK" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode
message: perhaps peer likes no proposal
000 "L2TP-PSK" #2: starting keying attempt 2 of at most 3, but releasing whack
Please help. I haven't been able to set this up and haven't found
anything useful around.
Thanks
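The "byte 7 of ISAKMP NAT-OA Payload must be zero" line in the log above comes from a strict parse of the NAT-OA payload defined in RFC 3947 section 5.2 (8-byte header: next payload, reserved, length, ID type, three reserved bytes; then the original address). The following is an added example, not code from the original post or from Openswan, that parses such a payload with the same reserved-byte check and shows why a peer that sets byte 7 gets its Quick Mode reply rejected as malformed. The sample payloads are constructed.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

# ID types permitted in NAT-OA (RFC 3947): original address is IPv4 or IPv6
ID_IPV4_ADDR = 1
ID_IPV6_ADDR = 5
RESERVED_BYTES = (1, 5, 6, 7)   # header bytes that must be zero on the wire


def parse_nat_oa(payload: bytes):
    """Parse one NAT-OA payload strictly. Returns (next_payload, address)
    or raises ValueError with an Openswan-style diagnostic."""
    if len(payload) < 8:
        raise ValueError("NAT-OA payload shorter than its 8-byte header")
    next_payload, _res, length, id_type = struct.unpack("!BBHB", payload[:5])
    # A strict implementation treats a non-zero RESERVED byte as a
    # malformed packet and drops it, which is what the log above shows.
    for idx in RESERVED_BYTES:
        if payload[idx] != 0:
            raise ValueError(
                f"byte {idx} of ISAKMP NAT-OA Payload must be zero, but is not")
    if id_type == ID_IPV4_ADDR:
        addr_len, cls = 4, IPv4Address
    elif id_type == ID_IPV6_ADDR:
        addr_len, cls = 16, IPv6Address
    else:
        raise ValueError(f"unsupported NAT-OA ID type {id_type}")
    if length != 8 + addr_len or len(payload) < length:
        raise ValueError(f"NAT-OA length {length} inconsistent with ID type")
    return next_payload, cls(payload[8:length])


def diagnose(payload: bytes) -> str:
    """Summarise the parse result the way a log line would."""
    try:
        _, addr = parse_nat_oa(payload)
        return f"ok: peer original address {addr}"
    except ValueError as err:
        return f"malformed payload in packet: {err}"


# Constructed samples: a well-formed IPv4 NAT-OA for the initiator's
# private address, and the same payload with RESERVED byte 7 set.
GOOD_NAT_OA = bytes([0, 0, 0, 12, ID_IPV4_ADDR, 0, 0, 0]) + IPv4Address("192.168.1.70").packed
BAD_NAT_OA = GOOD_NAT_OA[:7] + b"\x01" + GOOD_NAT_OA[8:]

if __name__ == "__main__":
    print(diagnose(GOOD_NAT_OA))
    print(diagnose(BAD_NAT_OA))
```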