Problem:VPN wireless connection with OpenSwan on Slackware 12.0

Salgeras · 09-27-2007, 01:28 PM

So, I'm trying to set VPN wireless connection on Slackware 12.0. I have a laptop, LAN card is Realtek 8139, which is connected to TL-WA501g with simple LAN cable. Further on, AP is connected to antenna.. Just to mention that this is for "home" use..

Searching this forum,I've found link to http://wiki.openswan.org/, and I've successfully installed OpenSwan. After installation, with 'ipsec verify' I verified connection,and it was [OK] for all,except OpportunisticEncryption, which is [DISABLED]. Anyway,I've started Firefox and managed to open home page of my WiFi provider. But,when I try to open any other site,FF always opens home page of my WiFi ISP.. So I checked /etc/ipsec.conf and there is no defined connection. Unfortunately, I dont know how to set a connection..I've read docs on http://wiki.openswan.org, but now I'm confused..

This is what "ipconfig /all" from windows says:

Code:

Windows IP Configuration
        Host Name . . . . . . . . . . . . : salgeras
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Physical Address. . . . . . . . . : <**>
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.200.125.175
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.200.125.1
        DHCP Server . . . . . . . . . . . : 10.200.125.1
        DNS Servers . . . . . . . . . . . : 10.200.1.30
        Lease Obtained. . . . . . . . . . : Thursday, September 27, 2007 12:18:0
1 PM
        Lease Expires . . . . . . . . . . : Sunday, September 30, 2007 12:18:01
PM

PPP adapter KBCnet:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : <**>
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 195.252.105.191
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 195.252.105.191
        DNS Servers . . . . . . . . . . . : 10.200.1.30
                                            194.106.162.2

I dont know how to set a connection , since there is 2 different GW's and IP's.
So, my question is: can someone help me to set connection in /etc/ipsec.conf by using these parameters?

Just to mention that IP assigning goes from DHCP. KBCnet is my ISP.

Thanks in advance!!!

perry · 09-27-2007, 07:58 PM

Quote:

Originally Posted by Salgeras

So, I'm trying to set VPN wireless connection on Slackware 12.0. I have a laptop, LAN card is Realtek 8139, which is connected to TL-WA501g with simple LAN cable. Further on, AP is connected to antenna.. Just to mention that this is for "home" use..

Searching this forum,I've found link to http://wiki.openswan.org/, and I've successfully installed OpenSwan. After installation, with 'ipsec verify' I verified connection,and it was [OK] for all,except OpportunisticEncryption, which is [DISABLED]. Anyway,I've started Firefox and managed to open home page of my WiFi provider. But,when I try to open any other site,FF always opens home page of my WiFi ISP.. So I checked /etc/ipsec.conf and there is no defined connection. Unfortunately, I dont know how to set a connection..I've read docs on http://wiki.openswan.org, but now I'm confused..

This is what "ipconfig /all" from windows says:

Code:

Windows IP Configuration
        Host Name . . . . . . . . . . . . : salgeras
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Physical Address. . . . . . . . . : <**>
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.200.125.175
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.200.125.1
        DHCP Server . . . . . . . . . . . : 10.200.125.1
        DNS Servers . . . . . . . . . . . : 10.200.1.30
        Lease Obtained. . . . . . . . . . : Thursday, September 27, 2007 12:18:0
1 PM
        Lease Expires . . . . . . . . . . : Sunday, September 30, 2007 12:18:01
PM

PPP adapter KBCnet:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : <**>
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 195.252.105.191
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 195.252.105.191
        DNS Servers . . . . . . . . . . . : 10.200.1.30
                                            194.106.162.2

I dont know how to set a connection , since there is 2 different GW's and IP's.
So, my question is: can someone help me to set connection in /etc/ipsec.conf by using these parameters?

Just to mention that IP assigning goes from DHCP. KBCnet is my ISP.

Thanks in advance!!!

not sure i can help you, but you can take a look at my thread for ideas on your situation

- perry

Salgeras · 10-05-2007, 02:46 AM

I've discovered very important thing: my ISP uses PPTP, not IPSEC

I've followed instructions from http://slackworld.berlios.de/2007/Linux2MS-VPN.html, this is what I did:
- installed PPTP
- kernel: everything that was needed for PPP was already been defined through modules,(kernel 2.6.22.5) but,just in case, I've recompiled kernel again, everything went fine, successfully booted Slackware..
- files which are needed for PPP edited like it was said
- after starting connection, error occurs, and terminate connection

These are the files which take part in this story:
1) /etc/ppp/options.pptp

Code:

lock
noauth
# We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
refuse-eap
refuse-chap
refuse-mschap

nobsdcomp
nodeflate

2) /etc/ppp/peers/kbc

Code:

pty "pptp vpn1.kbcnet.co.yu --nolaunchpppd"
   name Salgeras
   remotename PPTP
   require-mppe-128
   file /etc/ppp/options.pptp
   ipparam kbc

3) /etc/ppp/chap-secrets and /etc/ppp/pap-secrets

Code:

# client    server       secret            IP addresses
  Salgeras      PPTP    <password>                 *

This is the error after starting connection:

Code:

root@darkstar:~#  sh /usr/doc/ppp-2.4.4/scripts/pon kbc debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name Salgeras           # (from /etc/ppp/peers/kbc)
remotename PPTP         # (from /etc/ppp/peers/kbc)
                # (from /etc/ppp/options.pptp)
pty pptp vpn1.kbcnet.co.yu --nolaunchpppd               # (from /etc/ppp/peers/kbc)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
ipparam kbc             # (from /etc/ppp/peers/kbc)
proxyarp                # (from /etc/ppp/options)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe-128                # (from /etc/ppp/peers/kbc)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0x9c5dc7c6> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x768b4be1> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0x9c5dc7c6> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x768b4be1> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x768b4be1]
sent [PAP AuthReq id=0x1 user="Salgeras" password=<hidden>]
rcvd [LCP EchoReq id=0x0 magic=0x9c5dc7c6]
sent [LCP EchoRep id=0x0 magic=0x768b4be1]
rcvd [LCP EchoRep id=0x0 magic=0x9c5dc7c6]
rcvd [PAP AuthAck id=0x1 "64/74\n"]
Remote message: 64/74^J
PAP authentication succeeded
MPPE required, but MS-CHAP[v2] auth not performed.
sent [LCP TermReq id=0x2 "MPPE required but not available"]
rcvd [IPCP ConfReq id=0x1 <addr 10.200.2.1>]
Discarded non-LCP packet when LCP not open
rcvd [LCP TermAck id=0x2]
Connection terminated.
Script pptp vpn1.kbcnet.co.yu --nolaunchpppd finished (pid 3167), status = 0x0

Now what?? With "modprobe ppp_mppe" I've inserted the module..Here's the of 'lsmod' about that module:

Code:

Module                  Size  Used by
ppp_synctty            11392  0 
ppp_mppe               10116  0 
ppp_async              13056  0 
ppp_generic            26772  3 ppp_synctty,ppp_mppe,ppp_async
slhc                    9856  1 ppp_generic

Although I didn't make a connection,I can open my ISP's home page, and all pages on his site.
Here's the 'ifconfig':

Code:

eth0      Link encap:Ethernet  HWaddr 00:17:31:25:8C:E0  
          inet addr:10.200.125.175  Bcast:10.200.125.255  Mask:255.255.255.0
          inet6 addr: fe80::217:31ff:fe25:8ce0/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:231 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:20329 (19.8 KiB)  TX bytes:4795 (4.6 KiB)
          Interrupt:18 Base address:0xd800 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Please!! Can someone help?!