02-12-2010, 03:45 PM   #1
oli004
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Racoon + L2TP roadwarrior with Mac OS X Server VPN


Hi

I am trying to set up a vpn connection between a linux roadwarrior and a Mac OS X Server (built-in vpn since 10.6).

Therefore I use racoon, setkey and xl2tp.

The network configuration is:
Code:
Interface         IP address          Description
bnep0             192.168.20.3        the roadwarrior's local interface/ip address
                  91.x.x.x            the Mac OS X VPN server's external ip address
                  192.168.1.0/24      (external) VPN network behind VPN server
ppp0              192.168.1.138       IP address in VPN network, which is automatically assigned by vpn server.

This works already:

I am able to establish an IPSEC connection with racoon

The login with l2tp seems to work:
  • username/password is accepted by server.
  • the ppp connection is established (interface ppp0 is created and receives the ip address (192.168.1.138) from the server)
  • the server's vpn frontend also indicates that the connection was established successfully

cf. the logs (in case I am missing something):
Code:
Feb  6 18:45:57 oli4snotebook xl2tpd[29807]: Connecting to host 91.x.x.x, port 1701
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: Connection established to 91.x.x.x, 1701.  Local: 59247, Remote: 11 (ref=0/0). 
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: Calling on tunnel 59247 
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: Call established with 91.x.x.x, Local: 10502, Remote: 6544, Serial: 1 (ref=0/0) 
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: start_pppd: I'm running:  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "/usr/sbin/pppd"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "passive"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "nodetach"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: ":"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "refuse-pap"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "auth"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "require-chap"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "name"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "username"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "debug"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "file"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "/etc/ppp/options.l2tpd.client"  
Feb  6 18:45:58 oli4snotebook xl2tpd[29807]: "/dev/pts/2"  
Feb  6 18:45:58 oli4snotebook pppd[29812]: pppd 2.4.4 started by root, uid 0 
Feb  6 18:45:58 oli4snotebook pppd[29812]: using channel 5 
Feb  6 18:45:58 oli4snotebook pppd[29812]: Using interface ppp0 
Feb  6 18:45:58 oli4snotebook pppd[29812]: Connect: ppp0 <--> /dev/pts/2 
Feb  6 18:45:58 oli4snotebook pppd[29812]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic 0x9222e0ac> <pcomp> <accomp>] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x28a13086> <pcomp> <accomp>] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x28a13086> <pcomp> <accomp>] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <magic 0x9222e0ac> <pcomp> <accomp>] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [LCP EchoReq id=0x0 magic=0x28a13086] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: sent [LCP EchoRep id=0x0 magic=0x9222e0ac] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [CHAP Challenge id=0x6 <07190d652767310e6453574e3b4c4956>, name = "x.x.x.de"] 
Feb  6 18:45:59 oli4snotebook pppd[29812]: sent [CHAP Response id=0x6 <1dda8c5121f7f558b5f1b854bab64a590000000000000000f8c3c2e9e41ed830e7b1e76b823a576ed5784529a1a858ba00>, name = "username"] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: rcvd [CHAP Success id=0x6 "S=6FB281EB2F457364E4D3C0D9D48DFF039457A620 M=Access granted"] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: CHAP authentication succeeded 
Feb  6 18:46:00 oli4snotebook pppd[29812]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: rcvd [IPCP ConfReq id=0x1 <addr 91.x.x.x>] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: sent [IPCP ConfAck id=0x1 <addr 91.x.x.x>] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: rcvd [proto=0x8235] 01 01 00 04 
Feb  6 18:46:00 oli4snotebook pppd[29812]: Unsupported protocol 'Apple Client Server Protocol Control' (0x8235) received 
Feb  6 18:46:00 oli4snotebook pppd[29812]: sent [LCP ProtRej id=0x2 82 35 01 01 00 04] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] 
Feb  6 18:46:00 oli4snotebook pppd[29812]: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>] 
Feb  6 18:46:01 oli4snotebook pppd[29812]: rcvd [IPCP ConfNak id=0x2 <addr 192.168.1.138>] 
Feb  6 18:46:01 oli4snotebook pppd[29812]: sent [IPCP ConfReq id=0x3 <addr 192.168.1.138>] 
Feb  6 18:46:01 oli4snotebook pppd[29812]: rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.138>] 
Feb  6 18:46:01 oli4snotebook pppd[29812]: local  IP address 192.168.1.138 
Feb  6 18:46:01 oli4snotebook pppd[29812]: remote IP address 91.x.x.x 
Feb  6 18:46:01 oli4snotebook pppd[29812]: Script /etc/ppp/ip-up started (pid 29815) 
Feb  6 18:46:01 oli4snotebook pppd[29812]: Script /etc/ppp/ip-up finished (pid 29815), status = 0x0

To update the routing settings:
Code:
ip route add 192.168.1.0/24 dev ppp0

However, a ping into the vpn network does not work, neither does any other type of connection.

Furthermore the created ppp0 interface disappears after about 2 min (without any error message)

I think it has something to do with the setkey settings:
Code:
echo " 
spdadd 192.168.20.3[1701] 91.x.x.x[1701] udp 
       -P out ipsec esp/transport//require; 
spdadd 91.x.x.x[1701] 192.168.20.3[1701] udp 
       -P in ipsec esp/transport//require; 
" | setkey -c
(This seems to be necessary for the l2tp connection.
Without it xl2tp does not connect.)


I also tried some slightly different settings, unfortunately without any success.


Does anybody see the problem?
Are the setkey settings wrong?
Or is there another fundamental mistake in my thoughts?

thanks in advance

Oli4
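The pppd log above shows the full LCP, CHAP and IPCP exchange, so a small parser can state exactly how far the link got and whether the negotiated addresses match what the client expects. The following script is an added example, not code from the original post or from any of the tools it mentions; the sample lines are copied from the post, with the masked server address 91.x.x.x replaced by the documentation address 198.51.100.7 (an assumed value). It parses the negotiation, reports the authentication protocol the server demanded, the ProtRej'd protocol, the assigned addresses and the ip-up script status, and then checks the local address against the expected VPN subnet. It also flags the case where the PPP peer address is the same host as the outer IPsec/L2TP endpoint, which is worth confirming with `ip route get <server>` because pppd sets that address as the point-to-point peer of ppp0 and the kernel installs a host route to it via that interface.

```python
"""Summarise a pppd negotiation (LCP -> CHAP -> IPCP) from syslog lines."""
import ipaddress
import re

# Constructed sample: pppd lines from the post, with the masked server
# address 91.x.x.x replaced by the documentation address 198.51.100.7.
SAMPLE_LOG = """\
Feb  6 18:45:58 oli4snotebook pppd[29812]: Using interface ppp0
Feb  6 18:45:58 oli4snotebook pppd[29812]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic 0x9222e0ac> <pcomp> <accomp>]
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x28a13086> <pcomp> <accomp>]
Feb  6 18:45:59 oli4snotebook pppd[29812]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x28a13086> <pcomp> <accomp>]
Feb  6 18:45:59 oli4snotebook pppd[29812]: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <magic 0x9222e0ac> <pcomp> <accomp>]
Feb  6 18:46:00 oli4snotebook pppd[29812]: CHAP authentication succeeded
Feb  6 18:46:00 oli4snotebook pppd[29812]: Unsupported protocol 'Apple Client Server Protocol Control' (0x8235) received
Feb  6 18:46:00 oli4snotebook pppd[29812]: sent [LCP ProtRej id=0x2 82 35 01 01 00 04]
Feb  6 18:46:01 oli4snotebook pppd[29812]: rcvd [IPCP ConfAck id=0x3 <addr 192.168.1.138>]
Feb  6 18:46:01 oli4snotebook pppd[29812]: local  IP address 192.168.1.138
Feb  6 18:46:01 oli4snotebook pppd[29812]: remote IP address 198.51.100.7
Feb  6 18:46:01 oli4snotebook pppd[29812]: Script /etc/ppp/ip-up finished (pid 29815), status = 0x0
"""

_PPPD = re.compile(r"pppd\[\d+\]: (?P<msg>.*?)\s*$")
_AUTH = re.compile(r"<auth ([^>]+)>")
_LOCAL = re.compile(r"^local\s+IP address (\S+)")
_REMOTE = re.compile(r"^remote\s+IP address (\S+)")
_UNSUP = re.compile(r"^Unsupported protocol '([^']+)' \((0x[0-9a-fA-F]+)\)")
_IPUP = re.compile(r"^Script /etc/ppp/ip-up finished .*status = (0x[0-9a-fA-F]+)")


def parse_pppd_log(text: str) -> dict:
    """Walk the pppd messages in order and record how far negotiation got."""
    st = {
        "interface": None,
        "lcp_up": False,           # both sides sent an LCP ConfAck
        "auth_protocol": None,     # what the peer demanded, e.g. "chap MS-v2"
        "auth_ok": False,
        "local_ip": None,
        "remote_ip": None,
        "rejected_protocols": [],  # (name, PPP protocol number) we ProtRej'd
        "ip_up_status": None,
    }
    sent_ack = rcvd_ack = False
    for line in text.splitlines():
        m = _PPPD.search(line)
        if not m:
            continue  # not a pppd line (xl2tpd, kernel, ...)
        msg = m.group("msg")
        if msg.startswith("Using interface "):
            st["interface"] = msg.split()[-1]
        elif msg.startswith("sent [LCP ConfAck"):
            sent_ack = True
        elif msg.startswith("rcvd [LCP ConfAck"):
            rcvd_ack = True
        elif msg.startswith("rcvd [LCP ConfReq") and (a := _AUTH.search(msg)):
            st["auth_protocol"] = a.group(1)
        elif msg == "CHAP authentication succeeded":
            st["auth_ok"] = True
        elif u := _UNSUP.match(msg):
            st["rejected_protocols"].append((u.group(1), u.group(2)))
        elif lo := _LOCAL.match(msg):
            st["local_ip"] = lo.group(1)
        elif r := _REMOTE.match(msg):
            st["remote_ip"] = r.group(1)
        elif s := _IPUP.match(msg):
            st["ip_up_status"] = s.group(1)
    st["lcp_up"] = sent_ack and rcvd_ack
    return st


def assess(st: dict, vpn_net: str, server_ip: str) -> dict:
    """Compare the negotiated addresses with what the client expects."""
    net = ipaddress.ip_network(vpn_net)
    local = ipaddress.ip_address(st["local_ip"]) if st["local_ip"] else None
    remote = ipaddress.ip_address(st["remote_ip"]) if st["remote_ip"] else None
    return {
        "link_authenticated": bool(st["lcp_up"] and st["auth_ok"]),
        "local_in_vpn_net": local is not None and local in net,
        # pppd sets the remote address as the point-to-point peer of ppp0 and
        # the kernel installs a host route to it via ppp0. When that address is
        # also the outer L2TP/IPsec endpoint, confirm with `ip route get <server>`
        # that the encapsulated UDP/1701 traffic still leaves via the physical
        # interface and is not routed back into the tunnel.
        "peer_is_tunnel_endpoint": remote is not None
        and remote == ipaddress.ip_address(server_ip),
        "rejected_protocols": [name for name, _ in st["rejected_protocols"]],
        "ip_up_ok": st["ip_up_status"] == "0x0",
    }


if __name__ == "__main__":
    state = parse_pppd_log(SAMPLE_LOG)
    for key, value in assess(state, "192.168.1.0/24", "198.51.100.7").items():
        print(f"{key}: {value}")
```

Feed it the real syslog (for example `journalctl -u xl2tpd` or `/var/log/syslog`) in place of `SAMPLE_LOG`; a `link_authenticated` of True together with a local address inside the VPN subnet means PPP and authentication are fine and the remaining suspects are routing and the IPsec policy, not the L2TP login.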