petwalrus 03-18-2005 04:33 PM

IPSEC/L2TP VPN Server on Fedora Core 3 using Kernel 2.6

I am wondering if any VPN experts out there would be able to assist me in configuring my Fedora Core 3 router for allowing VPN access through L2TP/IPSEC. I would like to use the built-in support in the 2.6 Kernel --- but because this is fairly new technology, the documentation on how to make this work is sparse at best.

I would like to be able to connect to the VPN from Windows 2000/XP laptops that will be on the road (i.e. dynamic IP addresses) using either a shared secret or X.509 certificate.

Any help on this would be excellent, as I would love to demonstrate to management at my company the awesome power of Linux and how much money open source software can save us over using competing products (read: Windows Server).


naved 03-27-2005 05:06 AM

Use Openswan, l2tpd, pppd, radiusclient.
Go to Jacco de Leeuw's page on l2tpd/IPsec VPN. He is the definitive guide on this.

petwalrus 03-27-2005 05:14 PM

I actually got it working! I am very pleased with the results! :)

Robert80 04-21-2005 11:55 AM


Glad to see that you got it working.

I just tried to do the same thing. However, I might have missed something in my configuration.

Here is my setup:
|eth1 =
| Host A | ppp0 =
|eth0 =
|IP Addr:
| Host B | ppp0 =

Host A is running Linux FC3. It had eth1 =; eth0 =

Host B is running Windows XP. Its IP address is

The ppp0 of the point-to-point connection established between them using Openswan IPsec and l2tpd was on the host A end and on the host B end.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
* UH 0 0 0 ppp0
UGH 0 0 0 eth0
* U 0 0 0 eth0
* U 0 0 0 eth1
UG 0 0 0 eth1
* U 0 0 0 eth1
default UG 0 0 0 eth0

# arp -a
? ( at 00:11:22:33:44:55 [ether] on eth1
? ( at 55:44:33:22:11:00 [ether] on eth0
? ( at * PERM PUP on eth1

The routing table and the arp table seem to be correct. Communication between host A and host B is OK. All hosts in network could ping However, there seemed to be a barrier between eth1 and ppp0. Hosts other than A in network could not access host B and host B could not reach any host in network other than host A. I had disabled all the firewalls to make sure no packets would be blocked.

Moreover, I found that even though I had defined "type=tunnel" in the /etc/ipsec.conf file, the "ipsec setup status" command showed "No tunnels up":

# ipsec setup status
IPsec running
pluto pid 12931
No tunnels up

Would you be so kind as to advise what I would have done wrong? Thank you so much.


