LinuxQuestions.org


devilboy09 02-19-2012 10:42 AM

xl2tpd on CentOS --> listen port
 
I installed the openswan and xl2tpd packages on my CentOS, but when I start xl2tpd it does not listen on port 1702. Here's the output of xl2tpd -D:
Code:

[root@centos devilboy]# xl2tpd -D
xl2tpd[5050]: Enabling IPsec SAref processing for L2TP transport mode SAs
xl2tpd[5050]: IPsec SAref does not work with L2TP kernel mode yet, enabling forceuserspace=yes
xl2tpd[5050]: setsockopt recvref[30]: Protocol not available
xl2tpd[5050]: This binary does not support kernel L2TP.
xl2tpd[5050]: xl2tpd version xl2tpd-1.3.1 started on centos.domain.org PID:5050
xl2tpd[5050]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[5050]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[5050]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[5050]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[5050]: Listening on IP address 0.0.0.0, port 1701

And this is my xl2tpd.conf file:
Code:

;
; This is a minimal sample xl2tpd configuration file for use
; with L2TP over IPsec.
;
; The idea is to provide an L2TP daemon to which remote Windows L2TP/IPsec
; clients connect. In this example, the internal (protected) network
; is 192.168.1.0/24.  A special IP range within this network is reserved
; for the remote clients: 192.168.1.128/25
; (i.e. 192.168.1.128 ... 192.168.1.254)
;
; The listen-addr parameter can be used if you want to bind the L2TP daemon
; to a specific IP address instead of to all interfaces. For instance,
; you could bind it to the interface of the internal LAN (e.g. 192.168.1.98
; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
; will be used by xl2tpd as its address on pppX interfaces.

[global]
;listen-addr = 192.168.62.128
;
; requires openswan-2.5.18 or higher - Also does not yet work in combination
; with kernel mode l2tp as present in linux 2.6.23+
ipsec saref = yes
; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or
;  when using any of the SAref kernel patches for kernels up to 2.6.35.
; ipsec refinfo = 30
;
; forceuserspace = yes
;
; debug tunnel = yes

[lns default]
ip range = 10.1.1.200-10.1.1.210
local ip = 10.1.1.10
refuse chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Also: internal eth1=10.1.1.10, external eth0=192.168.62.128

devilboy09 02-20-2012 01:02 AM

I think the problem is the kernel, because when I issue ipsec verify I get this error:
Code:

[root@centos devilboy]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                [OK]
Linux Openswan U2.6.21/K(no kernel code presently loaded)
Checking for IPsec support in kernel                            [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)              [OK]
Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding            [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking NAT and MASQUERADEing                             
Checking for 'ip' command                                      [OK]
Checking for 'iptables' command                                [OK]

Opportunistic Encryption DNS checks:
  Looking for TXT in forward dns zone: centos.domain.org      [MISSING]
  Does the machine have at least one non-private address?      [FAILED]

Any suggestions on how I can resolve that?


All times are GMT -5.