IPSEC/L2TP VPN Server on Fedora Core 3 using Kernel 2.6
Hello,
I am wondering if any VPN experts out there would be able to assist me in configuring my Fedora Core 3 router for allowing VPN access through L2TP/IPSEC. I would like to use the built-in support in the 2.6 Kernel --- but because this is fairly new technology the documentation on how to make this work is sparse at best. I would like to be able to connect to the VPN from Windows 2000/XP laptops that will be on the road (i.e. dynamic IP addresses) using either a shared secret or X.509 certificate. Any help on this would be excellent, as I would love to demonstrate to management at my company the awesome power of Linux and how much money open source software can save us over using competing products (read: Windows Server). TIA!
IPSEC/L2TP VPN Server on Fedora Core 3 using Kernel 2.6
Use openswan, l2tpd, pppd, radiusclient.
Go to Jacco de Leeuw's page on l2tpd/ipsec vpn... he is the definitive guide on this.
I actually got it working! I am very pleased with the results! :)
Hi
Glad to see that you got it working. I am just trying to do the same thing. However, I might have missed something in my configuration. Here is my setup:

  192.168.12.0/24
  ---------------
        |
        |
        |eth1 = 192.168.12.3
    |--------
    | Host A | ppp0 = 192.168.12.199
    |--------
        |eth0 = 201.201.201.3
        |
        |
        |
        /
        /
        |
        |
        |
        |IP Addr: 201.201.201.201
    |--------
    | Host B | ppp0 = 192.168.12.201
    |--------

Host A is running Linux FC3. It had eth1 = 192.168.12.3/24; eth0 = 201.201.201.3/24
Host B is running Windows XP. Its IP address is 201.201.201.201/24.
The ppp0 of the point-to-point connection established between them using OpenSwan IPSec and L2tpd was 192.168.12.199 on the host A end and 192.168.12.201 on the host B end.

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.12.201  *               255.255.255.255 UH        0 0          0 ppp0
201.201.201.201 201.201.201.1   255.255.255.255 UGH       0 0          0 eth0
201.201.201.0   *               255.255.255.0   U         0 0          0 eth0
192.168.12.0    *               255.255.255.0   U         0 0          0 eth1
192.168.0.0     192.168.12.177  255.255.224.0   UG        0 0          0 eth1
169.254.0.0     *               255.255.0.0     U         0 0          0 eth1
default         201.201.201.1   0.0.0.0         UG        0 0          0 eth0

# arp -a
? (192.168.12.177) at 00:11:22:33:44:55 [ether] on eth1
? (201.201.201.1) at 55:44:33:22:11:00 [ether] on eth0
? (192.168.12.201) at * PERM PUP on eth1

The routing table and the arp table seem to be correct. Communication between host A and host B is OK. All hosts in network 192.168.12.0/24 could ping 192.168.12.199. However, there seemed to be a barrier between eth1 and ppp0. Hosts other than A in network 192.168.12.0/24 could not access host B, and host B could not reach any host in network 192.168.12.0/24 other than host A. I had disabled all the firewalls to make sure no packets would be blocked.

Moreover, I found that even though I had defined "type=tunnel" in the /etc/ipsec.conf file, the "ipsec setup status" command showed "No tunnels up":

# ipsec setup status
IPsec running
pluto pid 12931
No tunnels up

Would you be so kind as to advise what I might have done wrong? Thank you so much.

Regards,
LinuxNewbee