LinuxQuestions.org
12-08-2011, 06:28 AM   #1
tusharsharma43
LQ Newbie
 
Registered: Jan 2010
Location: Vadodara, Gujarat
Distribution: Fedora, OpenSuse, Ubuntu, Mint and Debian
Posts: 21

Rep: Reputation: 0
Unable to set up L2TP over IPsec using racoon and xl2tpd


While establishing a tunnel between two peers I got the following:

oops, lost a packet or two continuing...

and this error keeps coming up very frequently.
Please help me set up L2TP over IPsec between a Linux server and a Windows client.

Linux server config

racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous {
    exchange_mode main;
    nat_traversal on;
    generate_policy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

#############################################################
psk.txt

* 12345
#############################################################
setkey.conf

flush;
spdflush;

# All tunnels to this host shall use ESP transport mode
spdadd $1[l2tp] 0.0.0.0/0 udp -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 $1[l2tp] udp -P in ipsec esp/transport//require;

where $1 is the WAN IP address

###############################################################
xl2tpd.conf

[global]
port = 1701
access control = no
ipsec saref = yes

[lns default]
exclusive = yes
ip range = 192.168.1.81-192.168.1.89
local ip = 192.168.1.80
;hidden bit = no
length bit = yes
name = VPNServer
ppp debug = yes
require authentication = yes
unix authentication = no
require chap = yes
refuse pap = yes
pppoptfile = /etc/ppp/options.xl2tpd


/etc/ppp/options.xl2tpd

lock
auth
name "l2tp-server"
dump
# CCP seems to confuse Android clients, better turn it off
noccp
novj
novjccomp
nopcomp
noaccomp
require-mschap
require-mschap-v2
ms-dns 192.168.1.80
lcp-echo-interval 120
lcp-echo-failure 10
idle 1800
connect-delay 5000
nodefaultroute
noipdefault

proxyarp
mtu 1400
mru 1400

#############################################################
/etc/ppp/chap-secrets

root * ipsectest *
 
12-09-2011, 06:19 AM   #2
tusharsharma43
LQ Newbie
 
Registered: Jan 2010
Location: Vadodara, Gujarat
Distribution: Fedora, OpenSuse, Ubuntu, Mint and Debian
Posts: 21

Original Poster
Rep: Reputation: 0
Still the same problem

I have captured the packets in Wireshark and all goes well:
the tunnel comes up and the packets go out encrypted. Still,
I don't understand why xl2tpd shows this line in debug mode:

expand_payload, oops lost a packet or two continuing ,,



Thanking You,

Tushar
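
An audit of the posted racoon.conf and psk.txt for settings a reviewer would flag before exposing this server, as an added example that is not part of the thread. The parser, the weak-value sets and the `MIN_PSK_LEN` threshold are assumptions of this example, and the sample input is the poster's configuration condensed onto fewer lines.

```python
import re

WEAK_ENC = {"des", "3des"}                    # legacy 64-bit block ciphers
WEAK_DH = {"1", "2", "modp768", "modp1024"}   # MODP groups of 1024 bits or less
MIN_PSK_LEN = 20                              # assumption: local policy, not a racoon rule

# Constructed sample input: the thread's racoon.conf (condensed) and psk.txt.
RACOON_CONF = """
remote anonymous { exchange_mode main; generate_policy on;
  proposal { encryption_algorithm 3des; hash_algorithm sha1;
             authentication_method pre_shared_key; dh_group 2; } }
sainfo anonymous { encryption_algorithm aes; authentication_algorithm hmac_sha1; }
"""
PSK_TXT = "* 12345\n"

def parse_racoon(text):
    """Yield (block_path, directive, args) for every 'directive args;' statement."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};,]+', re.sub(r"#.*", "", text))
    stack, words = [], []
    for tok in tokens:
        if tok in ("{", "}", ";"):
            if tok == "{":
                stack.append(" ".join(words))   # block header, e.g. "remote anonymous"
            elif tok == "}":
                stack.pop()
            elif words:
                yield tuple(stack), words[0], words[1:]
            words = []
        else:
            words.append(tok)

def audit(conf, psk):
    """Return a sorted list of (finding, location) tuples."""
    found = set()
    for path, name, args in parse_racoon(conf):
        where = " > ".join(path) or "global"
        if name == "encryption_algorithm" and WEAK_ENC & set(args):
            found.add(("weak-cipher", where))
        if name in ("dh_group", "pfs_group") and WEAK_DH & set(args):
            found.add(("weak-dh-group", where))
    for n, line in enumerate(psk.splitlines(), 1):
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        if fields[0] == "*":                    # one secret shared by every peer
            found.add(("wildcard-psk", f"psk.txt:{n}"))
        if len(fields[1].strip()) < MIN_PSK_LEN:
            found.add(("short-psk", f"psk.txt:{n}"))
    return sorted(found)
```

Calling `audit(RACOON_CONF, PSK_TXT)` reports the phase 1 proposal (3des, dh_group 2) and the `* 12345` entry; the `sainfo` block with aes produces no finding.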
 
  


All times are GMT -5.