Setting up L2TP over IPSec VPN server under CentOS 5.3
I've been banging my head against this problem for almost a week now without much success.
What I want is a VPN server running L2TP over IPSec using a PSK to allow Windows XP and Mac OSX clients to connect and allow access to our local network. I've put in a box with two interfaces, one inside the private LAN and one with a live IP. I'm using OpenSWAN and xl2tp. I got it working using all internal IPs, but once I moved the config to the live IPs it stopped working.

From my OSX box at home I seem to be able to establish IPSec:

Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x0dca8d83 <0x8c0b136e xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:4500 DPD=enabled}

But it disconnects and I get the following error:

Sep 15 15:47:41 gateway xl2tpd[6157]: Maximum retries exceeded for tunnel 16877. Closing.
Sep 15 15:47:48 gateway xl2tpd[6157]: Connection 10 closed to [home IP address], port 51077 (Timeout)

Here are my config files:

/etc/ipsec.conf
|
IPsec
Not sure but I think LeftNextHop should be your internet gateway. Like... your IP is 22.22.22.22 and your external gateway is 22.22.22.254 then that should be your leftnexthop, I think...
|
Actually, it turned out to be a problem with Openswan. The current version is 2.6.x, which is what was installed by default from RPMForge. However, there is a bug in 2.6.x that causes L2TP to fail.
Downgrading Openswan to 2.4.15 fixed the problem. |
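The symptom in this thread (pluto reports the IPsec SA as established, then xl2tpd gives up on the tunnel a few seconds later) can be picked out of a combined syslog automatically. The script below is an added example, not code from any poster; the function name, the 60-second window and the placeholder year are assumptions, and the sample lines are the ones quoted in the first post. It flags the symptom only and says nothing about the cause.

```python
import re
from datetime import datetime, timedelta

# Log excerpt as quoted in the first post (addresses were already redacted there).
SAMPLE = '''\
Sep 15 15:47:34 gateway pluto[6849]: "L2TP-PSK"[2] [remote IP address] #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x0dca8d83 <0x8c0b136e xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:4500 DPD=enabled}
Sep 15 15:47:41 gateway xl2tpd[6157]: Maximum retries exceeded for tunnel 16877. Closing.
Sep 15 15:47:48 gateway xl2tpd[6157]: Connection 10 closed to [home IP address], port 51077 (Timeout)
'''

# "<Mon DD HH:MM:SS> <host> <daemon>[pid]: <message>"
LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$')
SA_UP = re.compile(r'"([^"]+)"\[\d+\].*IPsec SA established (\w+) mode \{(ESP/NAT|ESP)')
L2TP_FAIL = re.compile(r'Maximum retries exceeded for tunnel (\d+)')


def find_stalled_l2tp(text, window=timedelta(seconds=60), year=2000):
    """Return one finding per xl2tpd give-up that follows an established IPsec SA."""
    findings, last_sa = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, daemon, msg = m.groups()
        # syslog timestamps carry no year; `year` is a placeholder (assumption)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        sa = SA_UP.search(msg) if daemon == "pluto" else None
        fail = L2TP_FAIL.search(msg) if daemon == "xl2tpd" else None
        if sa:
            # remember the most recent SA: connection name, mode, NAT-T or not
            last_sa = {"conn": sa.group(1), "mode": sa.group(2),
                       "nat_t": sa.group(3) == "ESP/NAT", "at": ts}
        elif fail and last_sa and timedelta(0) <= ts - last_sa["at"] <= window:
            gap = int((ts - last_sa["at"]).total_seconds())
            findings.append({**last_sa, "tunnel": int(fail.group(1)), "gap_s": gap})
    return findings


if __name__ == "__main__":
    for f in find_stalled_l2tp(SAMPLE):
        print(f'{f["conn"]}: IPsec up ({f["mode"]} mode, NAT-T={f["nat_t"]}), '
              f'xl2tpd tunnel {f["tunnel"]} gave up {f["gap_s"]}s later')
```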
OpenSwan problem
Thank you for sharing this with us. I'm sure many others have had similar problems without figuring out why the he.. it doesn't work.
|
Here is a nice link on how to set xl2tpd vps
It worked for me. http://helpinlinux.blogspot.com/2011...-l2tp-vpn.html |
For L2TP VPN server configuration on Linux, especially CentOS, check the following links.
Using xl2tpd application: http://linuxexplore.com/how-tos/l2tp-vpn-using-xl2tpd/
Using rpl2tpd application: http://linuxexplore.com/how-tos/l2tp...sing-rp-l2tpd/
Really useful; I wrote them for implementation, and they may be helpful for you too.
Thanks,
Linux Explore | Exploring the Linux World :-) |
Hi,
There is a nice example in this blog for L2TP over IPSec; you can download the config example and test it. |