I have this topology:
VM (Centos 6) [103.19.208.242] - Server (Centos 6)[103.19.208.240] - Switch - PC (Windows 7) [172.16.32.7]
My VM and server have public IPs and I use Openswan for VPN. Openswan is installed on the VM.
My settings in /etc/ipsec.conf:
Quote:
# /etc/ipsec.conf - Libreswan IPsec configuration file
# This file: /etc/ipsec.conf
#
# Enable when using this configuration file with openswan instead of libreswan
version 2
#
# Manual: ipsec.conf.5
# basic configuration
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=
    oe=off
conn mytunnel
    authby=secret
    pfs=no
    auto=add
    rekey=no
    type=transport
    keyingtries=%forever
    left=103.19.208.242
    leftsubnet=103.19.208.0/8
    right=%any
    rightprotoport=17/%any
    dpddelay=10
    dpdtimeout=20
My /etc/ipsec.secrets:
Quote:
include /etc/ipsec.d/*.secrets
103.19.203.242 %any: PSK "69EA16F2C529E74A7D1B0FE99E69F6BDCD3E44"
My /etc/xl2tpd/xl2tpd.conf:
Quote:
[global]
; listen-addr = 192.168.1.98
;
ipsec saref = yes
; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or
; when using any of the SAref kernel patches for kernels up to 2.6.35.
; saref refinfo = 30
;
force userspace = yes
;
; debug tunnel = yes
[lns default]
ip range = 192.168.32.4-192.168.32.26
local ip = 192.168.32.1
require chap = yes
refuse pap = no
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
My /etc/ppp/options.xl2tpd:
Quote:
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# ms-dns 192.168.1.1
# ms-dns 192.168.1.3
# ms-wins 192.168.1.2
# ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
login
My /etc/pam.d/ppp:
Quote:
#%PAM-1.0
auth required pam_nologin.so
auth required pam_linux.so
account required pam_linux.so
session required pam_linux.so
When I restart my ipsec:
Quote:
[root@vpn ~]# /etc/init.d/ipsec restart
Shutting down pluto IKE daemon
002 shutting down
Starting pluto IKE daemon for IPsec: . [ OK ]
And when I verify:
Quote:
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.15 (netkey) on 2.6.32-642.el6.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS
Checking for obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]
And when I try it with my PC (Windows), I get error 651. What's the solution for that? Thank you
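As an added example (not part of the original post, and not a tool shipped with Openswan or Libreswan), the Python script below parses files in the shape of the ipsec.conf and ipsec.secrets shown above and reports settings worth verifying before chasing the Windows client error: whether the left= address of a conn with authby=secret is named on a PSK line (the posted files use 103.19.208.242 in ipsec.conf but 103.19.203.242 in ipsec.secrets), and whether leftsubnet has host bits set (103.19.208.0/8 normalizes to 103.0.0.0/8). The embedded file contents are constructed from the posted values, trimmed to the keys the checks read, with a placeholder in place of the PSK; all function names are mine.

```python
"""Consistency checks for Openswan/Libreswan ipsec.conf and ipsec.secrets.

Added example: parses the two files and reports settings worth verifying.
Function names and the sample file contents are the example's own.
"""
import re
from ipaddress import ip_address, ip_network

# Constructed sample input copied from the posted configuration, trimmed to
# the keys the checks below look at, with a placeholder in place of the PSK.
IPSEC_CONF = """\
config setup
    protostack=netkey
    nat_traversal=yes
conn mytunnel
    authby=secret
    type=transport
    left=103.19.208.242
    leftsubnet=103.19.208.0/8
    right=%any
    rightprotoport=17/%any
"""

IPSEC_SECRETS = """\
include /etc/ipsec.d/*.secrets
103.19.203.242 %any: PSK "PSK-PLACEHOLDER"
"""


def parse_ipsec_conf(text):
    """Return {"config setup": {key: value}, "conn NAME": {key: value}, ...}.

    '#' comments are stripped; lines before the first section header and
    lines without '=' (such as 'version 2') are ignored.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"^(config|conn)\s+(\S+)\s*$", line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.strip().partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def parse_psk_ids(text):
    """Return the set of identifiers that appear on PSK lines in ipsec.secrets.

    A PSK line looks like '<id> [<id> ...] : PSK "secret"'. The non-greedy
    match stops at the ': PSK' separator, so IPv6 ids containing ':' are fine.
    """
    ids = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        psk_line = re.match(r"^(.*?)\s*:\s*PSK\b", line)
        if psk_line:
            ids.update(psk_line.group(1).split())
    return ids


def check_conn(conn, psk_ids):
    """Return a list of human-readable findings for one conn section."""
    findings = []
    left = conn.get("left")
    if conn.get("authby") == "secret" and left and left not in psk_ids:
        findings.append(
            f"left={left} is not named on any PSK line "
            f"(ids found: {sorted(psk_ids)}); confirm the address matches"
        )
    subnet = conn.get("leftsubnet")
    if subnet:
        # strict=False accepts host bits; compare to catch a typo in the prefix
        net = ip_network(subnet, strict=False)
        if str(net) != subnet:
            findings.append(
                f"leftsubnet={subnet} has host bits set; it normalizes to "
                f"{net}, check this is the intended network"
            )
        if left and ip_address(left) not in net:
            findings.append(f"left={left} is outside leftsubnet={subnet}")
    return findings


def run_checks(conf_text, secrets_text):
    """Run check_conn over every conn section; returns {conn name: findings}."""
    sections = parse_ipsec_conf(conf_text)
    psk_ids = parse_psk_ids(secrets_text)
    return {
        name: check_conn(body, psk_ids)
        for name, body in sections.items()
        if name.startswith("conn ")
    }


if __name__ == "__main__":
    for name, findings in run_checks(IPSEC_CONF, IPSEC_SECRETS).items():
        print(f"{name}: {'no findings' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

To run it against a live host, replace the two constants with the contents of /etc/ipsec.conf and /etc/ipsec.secrets (read as root, since the secrets file is not world-readable). The checks only report what to look at; they do not claim a given setting is the cause of the client error.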