Old 01-24-2013, 10:30 AM   #1
shams
openswan and xl2tpd setup problem?


For weeks now I have wanted to set up an L2TP tunnel with xl2tpd and openswan in Debian wheezy. The external interface is ppp0 with a dynamic IP and the internal interface is eth0 with IP address 192.168.1.1.
The L2TP server gave me the user_id, password and preshared psk_key with its IP 217.147.94.149.
The ipsec log shows the connection is established but there is no pppX interface. These are the configuration and log files:
ipsec.conf:
Quote:
version 2.0
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
    plutostderrlog=/var/log/pluto.log
    interfaces="%defaultroute"

conn xltunnel

    authby=secret
    pfs=no
    auto=add
    rekey=no
    type=transport
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    leftsourceip=192.168.1.1
    leftsubnet=192.168.1.0/24
    right=217.147.94.149
    rightid=217.147.94.149
    rightprotoport=17/1701
xl2tpd.conf:
Quote:
[global]
access control = no
port = 1701
ipsec saref = yes
auth file = /etc/ppp/chap-secrets
debug tunnel = yes

[lac securitykiss]
lns = 217.147.94.149
hostname = client_id
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.3
assign ip = yes
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
name = securitykiss
redial = yes
redial timeout = 10
max redials = 6
options.xl2tpd:
Quote:
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
ms-dns 8.8.4.4
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
proxyarp
connect-delay 5000
plugin pppol2tp.so
lock
debug
name securitykiss
noccp
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
logfile /var/log/xl2tpd.log
ipsec.secrets:
Quote:
217.147.94.149 %any : PSK "psk_key"
chap-secrets:
Quote:
client_id securitykiss "password" *
securitykiss client_id "password" *
pluto.log:
Quote:
# ipsec auto --up xltunnel
104 "xltunnel" #1: STATE_MAIN_I1: initiate
003 "xltunnel" #1: ignoring unknown Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb]
003 "xltunnel" #1: received Vendor ID payload [XAUTH]
003 "xltunnel" #1: received Vendor ID payload [Dead Peer Detection]
003 "xltunnel" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "xltunnel" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "xltunnel" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "xltunnel" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "xltunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
117 "xltunnel" #2: STATE_QUICK_I1: initiate
004 "xltunnel" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xced0d73f <0x0e8bd6f4 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Quote:
# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.37/K3.2.0-4-686-pae (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [FAILED]

Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!

[FAILED]

Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!

[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support
Quote:
echo "c securitykiss" > /var/run/xl2tpd/l2tp-control
Quote:
#ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether 00:07:e9:a8:ea:93 brd ff:ff:ff:ff:ff:ff
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 3
link/ppp

Last edited by shams; 01-24-2013 at 10:38 AM.
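
The `ipsec verify` output in the post above reports [FAILED] for the send_redirects and accept_redirects settings under /proc/sys/net/ipv4/conf. As an added example (not part of the original post), this script lists every interface where either setting is still non-zero and prints the matching sysctl lines; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ICMP-redirect knobs that `ipsec verify` flags.
# The root defaults to the real proc tree; the demo uses a constructed copy.

# Print "<iface> <key> <value>" for every redirect knob that is not 0.
audit_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        val=$(cat "$f")
        [ "$val" = "0" ] && continue     # already disabled
        iface=$(basename "$(dirname "$f")")
        printf '%s %s %s\n' "$iface" "$(basename "$f")" "$val"
    done
}

# Turn the audit output into sysctl.conf lines. The slash form keeps
# dotted interface names (for example eth0.10) unambiguous.
redirect_fix_lines() {
    audit_redirects "$1" | while read -r iface key rest; do
        printf 'net/ipv4/conf/%s/%s = 0\n' "$iface" "$key"
    done
}

# Constructed sample tree: eth0 is already fixed, the others are not.
make_sample_tree() {
    d=$(mktemp -d)
    for i in all default eth0 ppp0; do
        mkdir -p "$d/$i"
        echo 1 > "$d/$i/send_redirects"
        echo 1 > "$d/$i/accept_redirects"
    done
    echo 0 > "$d/eth0/send_redirects"
    echo 0 > "$d/eth0/accept_redirects"
    echo "$d"
}

sample=$(make_sample_tree)
redirect_fix_lines "$sample"
rm -rf "$sample"
```

Called with no argument, `audit_redirects` reads the live /proc tree; the printed lines can be appended to /etc/sysctl.conf and loaded with `sysctl -p`.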
 
  

