Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
01-01-2013, 02:44 AM
|
#1
|
|
Member
Registered: May 2008
Posts: 81
Rep: 
|
Configuring Debian as ipses vpn server
In The Name of Allah
Hello ;
I have used this guide in this topic to config debian server as ipsec server ,
I just want use server az vpn proxy server , not i a vpn server in LAN with chap authentication ..so i have done steps 1,2 and 3 .
hence my client has dynamic IP ,so some parts should be changed but i dunno how ?
1 - In step 1 , we have this line in file /etc/xl2tpd/xl2tpd.conf :
Code:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
Should i replace 192.168.1.0 with client dynamic IP ?
2-In step 3 , we have these lines in file /etc/xl2tpd/xl2tpd.conf
Code:
[lns default]
ip range = 192.168.1.10-192.168.1.20
local ip = 192.168.1.1
Should i replace 192.168.1.1 and ip range with client dynamic IP ?
Regards dehqan |
|
|
|
|
01-01-2013, 11:29 AM
|
#2
|
|
Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 11,777
|
Quote:
Originally Posted by a.dehqan
Hello ;
I have used this guide in this topic to config debian server as ipsec server, I just want use server az vpn proxy server , not i a vpn server in LAN with chap authentication ..so i have done steps 1,2 and 3. hence my client has dynamic IP ,so some parts should be changed but i dunno how ?
|
Which guide did you follow? The original link is very old, and the updated one it points to (for Ubuntu 10), is also old. There is an updated doc at the Debian wiki...did you try it?
http://wiki.debian.org/IPsec
https://wiki.archlinux.org/index.php...N_client_setup
Quote:
1 - In step 1 , we have this line in file /etc/xl2tpd/xl2tpd.conf :
Code:
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
Should i replace 192.168.1.0 with client dynamic IP ?
|
No, since that would then disallow that subnet, as it says in the documentation. That is defining the network range of addresses for incoming clients.
Quote:
2-In step 3 , we have these lines in file /etc/xl2tpd/xl2tpd.conf
Code:
[lns default]
ip range = 192.168.1.10-192.168.1.20
local ip = 192.168.1.1
Should i replace 192.168.1.1 and ip range with client dynamic IP ?
|
No, please re-read the documentation. The IP range is the range of addresses that is given to the clients...the documentation says that very clearly. The local IP address. There is even a man page for that file...have you consulted it?
http://linux.die.net/man/5/xl2tpd.conf
It explains what each field does. |
|
|
1 members found this post helpful.
|
|
01-02-2013, 02:55 AM
|
#3
|
|
Member
Registered: May 2008
Posts: 81
Original Poster
Rep:
|
Hello ;
Thanks for your attention;
I checked both guides there is no differences except openswan versions ... that it does not matter for me that i'm installing openswan from debian repositories on debian.
There is a Debian VPS server that i want use it as VPN server to bypass filtering so this works as a proxy server ,not a local vpn server ,
That ubuntu guide that i used is configuring a local vpn server in a local network , so 1 - i don't need all steps , so i just done steps 1,2,3 for my aim and i just edited server IP , and have changed ipsec.conf for chap authentication :
require chap=yes
Then i have restarted ipsec and x2lptd daemons on server and hve created a vpn connection on windows 7(a client on the internet) with username and password ...
but it does not connect and gives error
i checked server auth.log that is like this http://hpaste.org/80026
How to fix the problem ?
Last edited by a.dehqan; 01-02-2013 at 03:00 AM.
|
|
|
|
|
01-02-2013, 12:11 PM
|
#4
|
|
Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 11,777
|
Quote:
Originally Posted by a.dehqan
Hello ;
I checked both guides there is no differences except openswan versions ... that it does not matter for me that i'm installing openswan from debian repositories on debian.
There is a Debian VPS server that i want use it as VPN server to bypass filtering so this works as a proxy server ,not a local vpn server ,
That ubuntu guide that i used is configuring a local vpn server in a local network , so 1 - i don't need all steps , so i just done steps 1,2,3 for my aim and i just edited server IP , and have changed ipsec.conf for chap authentication :
require chap=yes
Then i have restarted ipsec and x2lptd daemons on server and hve created a vpn connection on windows 7(a client on the internet) with username and password ...
but it does not connect and gives error
i checked server auth.log that is like this http://hpaste.org/80026
How to fix the problem ? |
You fix it by following the instructions. You can't pick and choose which steps to follow. Also, since you're asking about how to bypass filtering (what KIND of filtering you don't say), that's against the LQ Rules. Aside from the legal issues, you do realize that if you're caught at your job, you could get fired, right?
And did you try to look this error up?
https://lists.openswan.org/pipermail...il/020337.html |
|
|
|
|
01-03-2013, 11:37 PM
|
#5
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Evading filtering could be harmful to your company, and as such is in violation of the LQ rules.
http://www.linuxquestions.org/linux/rules.html
This thread is closed. |
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 06:16 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
