LinuxQuestions.org
xl2tpd and openswan setup problem?

12-23-2012, 12:35 PM   #1
shams

I have two PCs: one running Debian wheezy is the DNS and DHCP server; the other PC, running Win7, is connected with a network cable to the Debian PC as a client, using the Debian wheezy as the default gateway for the internet.
I created an l2tp account with one of the l2tp servers and they gave me these values for the l2tp server and client setup that I use in the configuration files:
Quote:
User = l2tp_client_id
Password = l2tp_cleint_pass
Pre-Shared Key (PSK) = l2tp_PSK
l2tp server ip = l2tp_server_ip
I want to set up the Debian wheezy as a client to connect to the l2tp server. The wheezy uses a dialup connection to connect to the ISP and gets a dynamic IP on the interface ppp0, and the Win7 is connected on the interface eth0 to the wheezy DNS server. The internal or network subnet is 192.168.1.0/24 and the eth0 IP of the wheezy PC is "192.168.1.1"; the Win7 gets its IP with DHCP, almost "192.168.1.50".
I installed xl2tpd and openswan and read a lot on the internet about how to set up an l2tp tunnel with xl2tpd and openswan to the l2tp server, but clearly didn't understand how to do it. What I got is to configure ipsec.secrets, ipsec.conf, xl2tpd.conf and chap-secrets and create a pppd option file. I did all these, and these files are here to make the post short:
Quote:
#/etc/ipsec.secrets
l2tp_serve_ip %any : PSK "l2tp_PSK"
ipsec.conf
xl2tpd.conf
options.l2tpd.server
Quote:
#/etc/ppp/chap-secrets
# client server secret IP addresses
l2tp_clietn_id l2ptserver "l2tp_server_pass" *
l2ptserver l2tp_clietn_id "l2tp_server_pass" *
and here is /var/log/pluto.log with output of some commands:
Quote:
#/etc/init.d/ipsec start

adjusting ipsec.d to /etc/ipsec.d
Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:10746
LEAK_DETECTIVE support [disabled]
OCF support for IKE [disabled]
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS support [disabled]
HAVE_STATSD notification support not compiled in
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_float=1
NAT-Traversal support [enabled]
using /dev/urandom as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
starting up 1 cryptographic helpers
started helper pid=10749 (fd:4)
Using Linux 2.6 IPsec interface code on 3.2.0-4-686-pae (experimental code)
using /dev/urandom as source of random entropy
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Changed path to directory '/etc/ipsec.d/cacerts'
Changed path to directory '/etc/ipsec.d/aacerts'
Changed path to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
added connection description "L2TP-PSK-NAT"
added connection description "L2TP-PSK-noNAT"
added connection description "passthrough-for-non-l2tp"
added connection description "L2TP-PSK-CLIENT"
listening for IKE messages
adding interface ppp0/ppp0 117.104.229.116:500
adding interface ppp0/ppp0 117.104.229.116:4500
adding interface eth0/eth0 192.168.1.1:500
adding interface eth0/eth0 192.168.1.1:4500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo 127.0.0.1:4500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
Quote:
#ipsec auto --up L2TP-PSK-CLIENT

L2TP-PSK-CLIENT" #1: initiating Main Mode
"L2TP-PSK-CLIENT" #1: ignoring unknown Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [XAUTH]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [Dead Peer Detection]
"L2TP-PSK-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=109
"L2TP-PSK-CLIENT" #1: enabling possible NAT-traversal with method 4
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"L2TP-PSK-CLIENT" #1: Main mode peer ID is ID_IPV4_ADDR: '216.147.95.149'
"L2TP-PSK-CLIENT" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
"L2TP-PSK-CLIENT" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:cc8a3067 proposal=defaults pfsgroup=no-pfs}
"L2TP-PSK-CLIENT" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"L2TP-PSK-CLIENT" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xc6fb3ba3 <0x5f4e774b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
To connect the client to the server I am running the command:
Quote:
echo "c l2tpserver" > /var/run/xl2tpd/l2tp-control
But after all these steps the client wheezy PC does not get connected.
I didn't understand the values or IPs for these parameters:
in the ipsec.conf:
Quote:
config setup
interfaces="%defaultroute"

conn L2TP-PSK-noNAT
left=

conn passthrough-for-non-l2tp
left=
leftnexthop=

conn L2TP-PSK-CLIENT
right =
in the xl2tpd.conf:
Quote:
lns =
name =
and how to configure the chap-secrets; the file is above.

Last edited by shams; 12-23-2012 at 12:37 PM.
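
An added example, not part of the original post: a small Python parser for `ipsec auto --up` output of the kind quoted above, reporting which negotiation stage was reached so troubleshooting can move to the right layer. The sample lines are copied from the post; the function names and the stage labels `ike`, `ipsec` and `l2tp` are this example's own.

```python
import re

# Lines copied from the `ipsec auto --up L2TP-PSK-CLIENT` output quoted in the post
# (the first one lacks its opening quote there, so the parser tolerates that).
SAMPLE = '''\
L2TP-PSK-CLIENT" #1: initiating Main Mode
"L2TP-PSK-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
"L2TP-PSK-CLIENT" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
"L2TP-PSK-CLIENT" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:cc8a3067 proposal=defaults pfsgroup=no-pfs}
"L2TP-PSK-CLIENT" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xc6fb3ba3 <0x5f4e774b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
'''

LINE = re.compile(r'^"?(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')

def analyse(text, conn):
    """Collect what pluto reported for one connection name."""
    st = {"phase1": False, "phase2": False, "mode": None,
          "nat": None, "ike": {}, "pfs": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["conn"] != conn:
            continue
        msg = m["msg"]
        if "ISAKMP SA established" in msg:        # IKE phase 1 (Main Mode) done
            st["phase1"] = True
            st["ike"] = dict(re.findall(r"(\w+)=(\w+)", msg))
        elif "IPsec SA established" in msg:       # phase 2 (Quick Mode) done
            st["phase2"] = True
            mode = re.search(r"established (\w+) mode", msg)
            st["mode"] = mode.group(1) if mode else None
        elif "NAT-Traversal: Result" in msg:
            st["nat"] = "no NAT detected" not in msg
        pfs = re.search(r"pfsgroup=([\w-]+)", msg)
        if pfs:
            st["pfs"] = pfs.group(1)
    return st

def next_layer(st):
    """Name the layer to look at next (labels are this example's own)."""
    if not st["phase1"]:
        return "ike"     # PSK, peer address, UDP 500/4500 reachability
    if not st["phase2"]:
        return "ipsec"   # Quick Mode proposal or traffic selectors
    return "l2tp"        # IPsec is up: xl2tpd control channel (UDP 1701) and PPP auth

if __name__ == "__main__":
    state = analyse(SAMPLE, "L2TP-PSK-CLIENT")
    print(state, "->", next_layer(state))
```

For the output quoted in the post this returns `l2tp`: both SAs are established in transport mode with no NAT detected, so the remaining checks are on the xl2tpd and pppd side.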
 
  


All times are GMT -5.