I set up the L2TP tunnel with openswan and xl2tpd on Kubuntu 13.04. The system is connected to an ADSL router with IP address 192.168.1.1, which is the default gateway for the system; the system IP address is 192.168.1.10. As I see in the log, the tunnel is established:
Quote:
104 "L2tp-Client" #1: STATE_MAIN_I1: initiate
003 "L2tp-Client" #1: ignoring unknown Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb]
003 "L2tp-Client" #1: received Vendor ID payload [XAUTH]
003 "L2tp-Client" #1: received Vendor ID payload [Dead Peer Detection]
003 "L2tp-Client" #1: received Vendor ID payload [RFC 3947] method set to=115
106 "L2tp-Client" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2tp-Client" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
108 "L2tp-Client" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "L2tp-Client" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
117 "L2tp-Client" #2: STATE_QUICK_I1: initiate
004 "L2tp-Client" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xcf9b3dde <0x0fa388a1 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
this is the xl2tpd.log:
Quote:
CHAP authentication succeeded
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Unsupported protocol 'Compression Control Protocol' (0x80fd) received
sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
rcvd [IPCP ConfNak id=0x1 <addr 10.128.0.3> <ms-dns1 10.128.0.1> <ms-dns2 10.128.0.1>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.128.0.3> <ms-dns1 10.128.0.1> <ms-dns2 10.128.0.1>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.128.0.3> <ms-dns1 10.128.0.1> <ms-dns2 10.128.0.1>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.128.0.1>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 10.128.0.1>]
not replacing existing default route via 192.168.1.1
Cannot determine ethernet address for proxy ARP
local IP address 10.128.0.3
remote IP address 10.128.0.1
primary DNS address 10.128.0.1
secondary DNS address 10.128.0.1
Script /etc/ppp/ip-up started (pid 4245)
Script /etc/ppp/ip-up finished (pid 4245), status = 0x0
sent [LCP EchoReq id=0x1 magic=0x1cd9ebc0]
rcvd [LCP EchoReq id=0x1 magic=0x252cb1b9]
sent [LCP EchoRep id=0x1 magic=0x1cd9ebc0]
rcvd [LCP EchoRep id=0x1 magic=0x252cb1b9]
sent [LCP EchoReq id=0x2 magic=0x1cd9ebc0]
rcvd [LCP EchoRep id=0x2 magic=0x252cb1b9]
Terminating connection due to lack of activity.
Connect time 30.0 minutes.
Sent 0 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 4569)
sent [LCP TermReq id=0x3 "Link inactive"]
Script /etc/ppp/ip-down finished (pid 4569), status = 0x0
rcvd [LCP TermAck id=0x3]
Connection terminated.
This is ifconfig:
Quote:
eth0 Link encap:Ethernet HWaddr 00:07:e9:a8:ea:93
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::207:e9ff:fea8:ea93/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1481 errors:0 dropped:0 overruns:0 frame:0
TX packets:1632 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:555421 (555.4 KB) TX bytes:233129 (233.1 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1190 errors:0 dropped:0 overruns:0 frame:0
TX packets:1190 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:223253 (223.2 KB) TX bytes:223253 (223.2 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.128.0.3 P-t-P:10.128.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:81 (81.0 B) TX bytes:72 (72.0 B)
This is route -n output:
Quote:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
10.128.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
91.121.166.108 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
Quote:
tcpdump -i ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
tcpdump: pcap_loop: The interface went down
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Why didn't the traffic go through the tunnel?