First of all, I know there are tons of threads on this topic, but after spending a nice weekend trying to fix this, I ended up starting one myself.
I have set up ipsec (Openswan 2.6.23) and xl2tpd (xl2tpd 1.2.4) on two Debian Squeeze boxes, using various guides on the internet:
http://nielspeen.com/blog/2009/04/li...c-osx-clients/
http://www.jacco2.dds.nl/networking/linux-l2tp.html
http://rootmanager.com/ubuntu-ipsec-...s-clients.html
Initially, I set this up on a NAT'ed Debian box. Situation:
Box (192.168.0.1) --> Gateway (192.168.0.254) --> Internet (My Public IP)
I have configured the gateway (Linksys WRT54G) to forward all incoming traffic directly to 192.168.0.1. To be sure, I flushed the firewall on the box (iptables -F).
As far as I can see in /var/log/auth.log, an IPsec connection is set up:
Code:
*snip*
Dec 6 22:01:42 server01 pluto[29430]: "server01-nat"[14] 145.53.236.22 #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x069ea011 <0x83485a02 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=145.53.236.22:4500 DPD=none}
Code:
Dec 6 21:45:55 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:57 server01 xl2tpd[29517]: build_fdset: closing down tunnel 24015
Dec 6 21:45:57 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:57 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:45:57 server01 xl2tpd[29517]: build_fdset: closing down tunnel 10487
Dec 6 21:45:58 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:58 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:45:58 server01 xl2tpd[29517]: build_fdset: closing down tunnel 54285
Dec 6 21:46:02 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:46:02 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:46:02 server01 xl2tpd[29517]: build_fdset: closing down tunnel 28367
Dec 6 21:46:02 server01 xl2tpd[29517]: Maximum retries exceeded for tunnel 58798. Closing.
Dec 6 21:46:10 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:46:10 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:46:10 server01 xl2tpd[29517]: build_fdset: closing down tunnel 6449
Dec 6 21:46:10 server01 xl2tpd[29517]: build_fdset: closing down tunnel 58798
Dec 6 21:46:10 server01 xl2tpd[29517]: Connection 22 closed to 145.53.236.22, port 49865 (Timeout)
Dec 6 21:46:15 server01 xl2tpd[29517]: Unable to deliver closing message for tunnel 58798. Destroying anyway.
It seems like no traffic is flowing to the other side. Suspecting my Linksys WRT54G, I set up the same configuration on another box connected directly to the internet, without any weird firewalls in between. But the same thing happens there too.
This is my xl2tpd.conf:
Code:
[lns default]
ip range = 192.168.0.200-192.168.0.210
local ip = 192.168.0.100
length bit = yes
require chap = yes
refuse pap = yes
require authentication = yes
name = server01
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
[global]
debug tunnel = yes
listen-addr = 192.168.0.1
And options.xl2tpd:
Code:
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.0.1
noccp
auth
crtscts
idle 1800
mtu 1472
mru 1472
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
What am I doing wrong?
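As an added example (not part of the original post, and not the poster's or Openswan/xl2tpd's own code), here is a small triage script that runs over auth.log lines like the ones quoted above and classifies each peer: did IPsec come up, and did the L2TP control connection complete, retransmit, or time out? The "Peer requested tunnel N twice" plus "(Timeout)" pattern is treated as a one-way L2TP problem (the client never sees xl2tpd's reply, so it re-sends SCCRQ with the same tunnel id). It also flags peers for which xl2tpd allocated a tunnel with no IPsec SA logged at all, which is what you would want to catch after running iptables -F, since xl2tpd will then happily accept plaintext UDP 1701. The sample log is copied from the post; the success-path wording matched by RE_ESTAB ("Connection established to ...") does not appear in the post and is assumed from xl2tpd's control.c; the diagnosis codes and their explanations are this example's own heuristics.

```python
"""Triage auth.log lines from pluto (Openswan) and xl2tpd for an L2TP/IPsec
tunnel that never comes up, and flag L2TP peers that arrived without an IPsec SA.

Added example for this thread; not the poster's code or part of Openswan/xl2tpd."""
import re
from collections import defaultdict

# Log wording as it appears in the post (Openswan 2.6.x pluto, xl2tpd 1.2.x).
RE_SA = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>[\d.]+) #\d+: '
    r'STATE_QUICK_R2: IPsec SA established (?P<mode>\w+) mode \{(?P<params>[^}]*)\}')
RE_ALLOC = re.compile(r'xl2tpd\[\d+\]: get_call: allocating new tunnel for host '
                      r'(?P<peer>[^,\s]+), port (?P<port>\d+)\.')
RE_DUP = re.compile(r'xl2tpd\[\d+\]: control_finish: Peer requested tunnel (?P<tid>\d+) twice')
RE_RETRY = re.compile(r'xl2tpd\[\d+\]: Maximum retries exceeded for tunnel (?P<tid>\d+)\.')
RE_TIMEOUT = re.compile(r'xl2tpd\[\d+\]: Connection (?P<tid>\d+) closed to '
                        r'(?P<peer>[^,\s]+), port (?P<port>\d+) \(Timeout\)')
# Success-path wording is NOT in the post; assumed from xl2tpd's control.c.
RE_ESTAB = re.compile(r'xl2tpd\[\d+\]: Connection established to (?P<peer>[^,\s]+), (?P<port>\d+)')

# Diagnosis codes are this example's own heuristics.
EXPLAIN = {
    "up": "L2TP control connection established over IPsec.",
    "one-way-l2tp": ("IPsec SA is up, but the peer keeps re-sending SCCRQ for the same tunnel id "
                     "and the control connection times out: xl2tpd's replies are not reaching "
                     "the client. Check the return path for UDP 1701 (listen-addr / source "
                     "address, IPsec policy in the outbound direction, NAT on the way back)."),
    "l2tp-incomplete": "L2TP setup started over IPsec but did not finish; no retransmit pattern.",
    "l2tp-without-ipsec": ("L2TP control traffic from this peer with no IPsec SA logged: either "
                           "plaintext L2TP is being accepted (firewall/policy gap) or the pluto "
                           "lines were not captured."),
    "ipsec-only": "IPsec SA established but no L2TP traffic seen from this peer.",
}


def new_peer():
    return {"allocations": 0, "dup_tunnel_ids": [], "retries_exceeded": [],
            "timeouts": 0, "established": 0, "ipsec_sa": None}


def diagnose(s):
    """Heuristic classification of one peer's state; see EXPLAIN for the meaning."""
    if s["ipsec_sa"] is None:
        return "l2tp-without-ipsec"
    if s["established"]:
        return "up"
    if s["dup_tunnel_ids"] and s["timeouts"]:
        return "one-way-l2tp"
    if s["allocations"]:
        return "l2tp-incomplete"
    return "ipsec-only"


def analyze(lines):
    """Return {peer_ip: stats + diagnosis} for every peer seen in the given log lines."""
    peers = defaultdict(new_peer)
    current = None  # dup/retry lines carry no host; attribute them to the last allocating peer
    for line in lines:
        if m := RE_SA.search(line):
            params = m.group("params")
            xfrm = re.search(r"xfrm=(\S+)", params)
            peers[m.group("peer")]["ipsec_sa"] = {
                "mode": m.group("mode"),
                "nat_t": "NATD=" in params and ":4500" in params,  # UDP encapsulation in use
                "xfrm": xfrm.group(1) if xfrm else None,
            }
        elif m := RE_ALLOC.search(line):
            current = m.group("peer")
            peers[current]["allocations"] += 1
        elif (m := RE_DUP.search(line)) and current:
            peers[current]["dup_tunnel_ids"].append(int(m.group("tid")))
        elif (m := RE_RETRY.search(line)) and current:
            peers[current]["retries_exceeded"].append(int(m.group("tid")))
        elif m := RE_TIMEOUT.search(line):
            peers[m.group("peer")]["timeouts"] += 1
        elif m := RE_ESTAB.search(line):
            peers[m.group("peer")]["established"] += 1
    return {peer: dict(s, diagnosis=diagnose(s)) for peer, s in peers.items()}


# Sample input: lines copied from the post above (pluto line first, then the xl2tpd sequence).
SAMPLE_LOG = """\
Dec 6 22:01:42 server01 pluto[29430]: "server01-nat"[14] 145.53.236.22 #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x069ea011 <0x83485a02 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=145.53.236.22:4500 DPD=none}
Dec 6 21:45:55 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:57 server01 xl2tpd[29517]: build_fdset: closing down tunnel 24015
Dec 6 21:45:57 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:57 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:45:58 server01 xl2tpd[29517]: get_call: allocating new tunnel for host 145.53.236.22, port 49865.
Dec 6 21:45:58 server01 xl2tpd[29517]: control_finish: Peer requested tunnel 22 twice, ignoring second one.
Dec 6 21:46:02 server01 xl2tpd[29517]: Maximum retries exceeded for tunnel 58798. Closing.
Dec 6 21:46:10 server01 xl2tpd[29517]: Connection 22 closed to 145.53.236.22, port 49865 (Timeout)
Dec 6 21:46:15 server01 xl2tpd[29517]: Unable to deliver closing message for tunnel 58798. Destroying anyway.
""".splitlines()

if __name__ == "__main__":
    for peer, s in analyze(SAMPLE_LOG).items():
        print(peer, s["diagnosis"], s["ipsec_sa"])
        print("  ", EXPLAIN[s["diagnosis"]])
```

Run it against a real auth.log with `python3 triage.py < /dev/null` after replacing SAMPLE_LOG with `open("/var/log/auth.log")`; a peer classified as "l2tp-without-ipsec" is the one to worry about, because it means UDP 1701 reached xl2tpd outside the tunnel and the firewall rule that should restrict 1701 to IPsec-decapsulated packets is missing.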