LinuxQuestions.org


AmirGooran 05-11-2012 03:27 PM

Problem with setting L2TP VPN in kubuntu using strongswan
 
Hi, I want to set up an L2TP VPN server using strongSwan, to be used for my VirtualBox virtual machines.
My computer's IP is 192.168.56.1 and my guest OS's IP is 192.168.56.2.
I installed strongSwan and l2tpd on Kubuntu 11.10 with the following configuration:

ipsec.conf:

Code:

version 2

config setup
 nat_traversal=no
 plutostart=yes
 charonstart=yes

conn L2TP-VPN
 type=transport
 keyexchange=ikev1
 keyingtries=3
 pfs=no
 rekey=no
 authby=secret
 left=192.168.56.1
 leftprotoport=17/1701
 right=%any
 rightprotoport=17/%any
 rightsubnetwithin=0.0.0.0/0
 auto=add

include /var/lib/strongswan/ipsec.conf.inc

ipsec.secrets:
Code:

# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc

192.168.56.1        %any :        "123456789"

xl2tpd.conf:
Code:

[global]
 port = 1701
 listen-addr = 192.168.56.1
 ipsec saref = no

[lns default]
 ip range = 172.16.45.2-255
 local ip = 172.16.45.1
 require authentication = no
 refuse pap = no
 require chap = no
 pppoptfile = /etc/ppp/options.xl2tpd
 ppp debug = yes
 name = test
 length bit = yes

options.xl2tp:
Code:

require-mschap-v2
asyncmap 0
 auth
 crtscts
 idle 1800
 lock
 hide-password
 modem
 debug
 name test
 proxyarp
 lcp-echo-interval 30
 lcp-echo-failure 4
 mtu 1410
 mru 1410
 connect-delay 500

chap-secrets:
Code:

# Secrets for authentication using CHAP
# client        server        secret                        IP addresses
1 * 1 *

"10s90122456"        *        "723362"
"7f126310"        *        "383829"
"10s90122452"        *        "035420"
"7f126321"        *        "483485"
"10s90122451"        *        "291941"

I also added the following rules to the iptables firewall:
Code:

iptables -A INPUT -i vboxnet0 -p esp -j ACCEPT
iptables -A INPUT -i vboxnet0 -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i vboxnet0 -p tcp --dport 500 -j ACCEPT
iptables -A INPUT -i vboxnet0 -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i vboxnet0 -p udp --dport 1701 -j ACCEPT
iptables -A INPUT -i vboxnet0 -p tcp --dport 1723 -j ACCEPT

But when I try to connect to my VPN server in the guest OS (Windows XP SP3), it hangs for a long time and after that I receive error 792.
What's the problem? Can anyone help me?

