Hi all,
maybe I have made some progress.
I installed xl2tpd-1.3.1-9 and openswan-2.6.36.
I continued reading https://wiki.archlinux.org/index.php...N_client_setup
Now I'm able to set up the tunnel, at least that's what I think looking at the logs.
Code:
ipsec_setup: Starting Openswan IPsec U2.6.36/K2.6.33.4-smp...
Starting xl2tpd : xl2tpd[13129]: setsockopt recvref[30]: Protocol not available
xl2tpd[13129]: This binary does not support kernel L2TP.
xl2tpd[13129]: xl2tpd version xl2tpd-1.3.1 started on MySlack PID:13129
xl2tpd[13129]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[13129]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[13129]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[13129]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[13129]: Listening on IP address 0.0.0.0, port 1701
104 "L2TP-PSK" #1: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #1: ignoring unknown Vendor ID payload [8f9cc94e01248ecdf147594c284b213b]
003 "L2TP-PSK" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
003 "L2TP-PSK" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] method set to=107
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 107
003 "L2TP-PSK" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
003 "L2TP-PSK" #1: received Vendor ID payload [RFC 3947] method set to=109
003 "L2TP-PSK" #1: received Vendor ID payload [Dead Peer Detection]
106 "L2TP-PSK" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "L2TP-PSK" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 "L2TP-PSK" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "L2TP-PSK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
117 "L2TP-PSK" #2: STATE_QUICK_I1: initiate
003 "L2TP-PSK" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a70d2966
003 "L2TP-PSK" #2: NAT-Traversal: received 2 NAT-OA. ignored because peer is not NATed
004 "L2TP-PSK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x3b2c4b46 <0x1da26a31 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
xl2tpd[13129]: Connecting to host <remoteserverip>, port 1701
xl2tpd[13129]: Connection established to <remoteserverip>, 1701. Local: 37299, Remote: 3726 (ref=0/0).
xl2tpd[13129]: Calling on tunnel 37299
xl2tpd[13129]: Call established with <remoteserverip>, Local: 30217, Remote: 1, Serial: 1 (ref=0/0)
xl2tpd[13129]: start_pppd: I'm running:
xl2tpd[13129]: "/usr/sbin/pppd"
xl2tpd[13129]: "passive"
xl2tpd[13129]: "nodetach"
xl2tpd[13129]: ":"
xl2tpd[13129]: "debug"
xl2tpd[13129]: "file"
xl2tpd[13129]: "/etc/ppp/options.l2tpd.client"
xl2tpd[13129]: "ipparam"
xl2tpd[13129]: "<remoteserverip>"
xl2tpd[13129]: "/dev/pts/1"
ppp0 seems to be my tunnel, as per
Code:
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 90:e6:ba:80:4a:00 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:25:d3:d1:42:bf brd ff:ff:ff:ff:ff:ff
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1376 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
# ifconfig
eth0 Link encap:Ethernet HWaddr 90:e6:ba:80:4a:00
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:29
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:400 (400.0 B) TX bytes:400 (400.0 B)
ppp0 Link encap:Point-to-Point Protocol
inet addr:<my_rem_lanip> P-t-P:<rem_serverlanip> Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1376 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:94 (94.0 B) TX bytes:92 (92.0 B)
wlan0 Link encap:Ethernet HWaddr 00:25:d3:d1:42:bf
inet addr:<mylocalip> Bcast:xxx.xxx.xxx.xxx Mask:255.255.255.0
inet6 addr: fe80::225:d3ff:fed1:42bf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2364 errors:0 dropped:0 overruns:0 frame:0
TX packets:2476 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1531054 (1.4 MiB) TX bytes:322098 (314.5 KiB)
Now it's time to set some routing rules.
This is the routing table just before changing anything
Code:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
<myrouterip> * 255.255.255.255 UH 0 0 0 ppp0
<mylan.0> * 255.255.255.0 U 0 0 0 wlan0
loopback * 255.0.0.0 U 0 0 0 lo
default <myrouterip> 0.0.0.0 UG 0 0 0 wlan0
Then
Code:
# route add <rem_serverlanip>/32 wlan0
# route add <rem_box_lanip> gw <rem_serverlanip> wlan0
I made the first assertion because without it I always obtained
Code:
SIOCADDRT: No such process
Now the routing table looks like this:
Code:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
<rem_box_lanip> <rem_serverlanip> 255.255.255.255 UGH 0 0 0 wlan0
<rem_serverlanip> * 255.255.255.255 UH 0 0 0 wlan0
<rem_serverlanip> * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 wlan0
loopback * 255.0.0.0 U 0 0 0 lo
default <myrouterip> 0.0.0.0 UG 0 0 0 wlan0
but I'm not able to ping the remote machine.
My knowledge doesn't let me complete this task: could anybody help me understand what is wrong?
Thanks
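Added example, not part of the original post: a Python check that pulls the negotiated parameters out of the two "SA established" lines in the log above and flags the ones a reviewer would question. The function names and the `WEAK` policy list are this example's own assumptions.

```python
import re

# The two "SA established" lines, copied from the log in the post.
SAMPLE_LOG = '''\
004 "L2TP-PSK" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
004 "L2TP-PSK" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x3b2c4b46 <0x1da26a31 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
'''

LINE = re.compile(
    r'^\d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<state>STATE_\w+): '
    r'.*?(?P<kind>ISAKMP|IPsec) SA established.*?\{(?P<attrs>[^}]*)\}'
)

# Policy chosen for this example (hypothetical): small MODP groups, DES/3DES, MD5.
WEAK = {
    "group": re.compile(r"modp(768|1024)$", re.I),
    "cipher": re.compile(r"(^|_)3?des", re.I),
    "xfrm": re.compile(r"(^|[-_])(3?DES|MD5)", re.I),
    "prf": re.compile(r"md5", re.I),
}

def established_sas(log):
    """Return one dict per 'SA established' line, with its key=value attributes."""
    sas = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        attrs = dict(tok.split("=", 1) for tok in m["attrs"].split() if "=" in tok)
        sas.append({"conn": m["conn"], "sa": int(m["sa"]),
                    "kind": m["kind"], "state": m["state"], "attrs": attrs})
    return sas

def weak_params(sa):
    """List the attributes of one SA that match the WEAK policy."""
    return sorted(f"{k}={v}" for k, v in sa["attrs"].items()
                  if k in WEAK and WEAK[k].search(v))

if __name__ == "__main__":
    for sa in established_sas(SAMPLE_LOG):
        print(sa["conn"], sa["kind"], sa["state"], weak_params(sa))
```
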
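Added example, not part of the original post: a Python check that does a longest-prefix lookup over a `route -n` style table and reports VPN-side destinations whose best route leaves by an interface other than the tunnel. The addresses are constructed stand-ins for the placeholders above (10.8.0.1 for the server's LAN IP, 10.8.0.50 for the remote box), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `route -n` layout, mirroring the second routing table
# in the post with made-up addresses in place of its placeholders.
SAMPLE = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.8.0.50       10.8.0.1        255.255.255.255 UGH   0      0   0   wlan0
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0   0   wlan0
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0   0   wlan0
"""

def parse_routes(text):
    """Return (network, metric, iface) for every data row of `route -n`."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title line, the header and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress_ifaces(routes, dest):
    """Interfaces of the best routes: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return set()
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[1]))
    # Equal prefix and metric is ambiguous, so report every candidate.
    return {i for n, m, i in hits if (n.prefixlen, m) == (best[0].prefixlen, best[1])}

def tunnel_leaks(routes, vpn_dests, tunnel="ppp0"):
    """Map each VPN-side destination to the non-tunnel interfaces it can leave by."""
    leaks = {}
    for d in vpn_dests:
        off = egress_ifaces(routes, d) - {tunnel}
        if off:
            leaks[d] = sorted(off)
    return leaks

if __name__ == "__main__":
    print(tunnel_leaks(parse_routes(SAMPLE), ["10.8.0.50", "10.8.0.1"]))
```
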