[strongSwan] L2TP over strongswan

Randy Wyatt rwwyatt01 at gmail.com
Mon Apr 27 23:41:00 CEST 2015


Rajiv,
  Thank you for your help.

There were a couple of issues.
1.) Don't use the Fedora Package.  It is missing several critical
components such as ipsec.  The logging output was also different.
2.) The ultimate problem was with the PSK.
I now have xl2tpd/strongSwan up and running.

On Mon, Apr 27, 2015 at 12:05 PM, Rajiv Kulkarni <rajivkulkarni69 at gmail.com>
wrote:

> Why don't you try the sample configs below, please:
>
> On L2TP-Server
> ===============
> # /etc/ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>     strictcrlpolicy=no
>     crlcheckinterval=180
>
> conn %default
>     ikelifetime=30m
>     keylife=15m
>     rekeymargin=3m
>     keyingtries=1
>     mobike=no
>     dpdaction=clear
>     dpddelay=30
>     dpdtimeout=120
>
> conn mainconn
>     left=2.2.2.2
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
>     authby=secret
>     type=transport
>     keyexchange=ikev1
>     auto=add
>
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> : PSK "123456"
>
> On the L2TP-Client
> ===================
> # /etc/ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>     strictcrlpolicy=no
>
> conn %default
>     ikelifetime=30m
>     keylife=15m
>     rekeymargin=3m
>     keyingtries=1
>     mobike=no
>     dpdaction=restart
>     dpddelay=30
>     dpdtimeout=120
>
> conn topeergwconnection
>     left=1.1.1.2
>     leftprotoport=17/1701
>     right=2.2.2.2
>     rightprotoport=17/1701
>     authby=secret
>     type=transport
>     keyexchange=ikev1
>     auto=route
>
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> : PSK "123456"
>
> =======================================
>
> There is NO leftsubnet to be mentioned, on either the server or the client,
> as it's a transport mode tunnel (using udp/1701, the l2tp port, as the selector)
>
> thanks & regards
> Rajiv
>
>
>
>
>
> On Mon, Apr 27, 2015 at 10:51 PM, Randy Wyatt <rwwyatt01 at gmail.com> wrote:
>
>> I am trying to set up a roadwarrior L2TP server using strongSwan as the
>> IPsec layer.
>>
>> I keep running into the following error message in the logs:
>>
>> Apr 27 13:15:59 Saturn charon: 11[NET] received packet: from client1[12117] to server1[500] (408 bytes)
>> Apr 27 13:15:59 Saturn charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
>> Apr 27 13:15:59 Saturn charon: 11[IKE] no IKE config found for server1...client1, sending NO_PROPOSAL_CHOSEN
>>
>> The configuration in ipsec is as follows:
>> [root at Saturn log]# cat /etc/ipsec.conf
>> config setup
>>         cachecrls=yes
>>         strictcrlpolicy=yes
>>         charondebug="ike 2, knl 3, cfg 2"
>>
>> conn %default
>>         keyingtries=1
>>         keyexchange=ike
>>
>> conn roadwarrior
>>         type=transport
>>         authby=secret
>>         pfs=yes
>>         rekey=no
>>         left=server1
>>         leftsubnet=172.17.1.0/24
>>         leftprotoport=1701
>>         right=%any
>>         rightprotoport=1701
>>         auto=add
>>
>>  cat /etc/ipsec.secrets
>> server1 %any : PSK "mypsk"
>>
>>
>> Any ideas on what I am doing wrong?
>>
>> Regards,
>> Randy
>> --
>> Randy W. Wyatt
>> rwwyatt01 at gmail.com
>> Home: 858-309-5303
>> Cell: 858-598-4421
>> Fax: 858-408-7554
>>
>>
>
>


-- 
Randy W. Wyatt
rwwyatt01 at gmail.com
Home: 858-309-5303
Cell: 858-598-4421
Fax: 858-408-7554
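
The sample configs quoted above use transport mode with UDP/1701 as the only traffic selector and no leftsubnet. As an added example (not part of the original thread and not strongSwan code), this Python script lints an ipsec.conf against that layout; the function names and the rules are assumptions drawn from the sample, and the embedded config is a trimmed copy of the one in the original question.

```python
# Constructed sample: trimmed copy of the server config from the original question.
SAMPLE_CONF = """\
config setup
        strictcrlpolicy=yes

conn %default
        keyingtries=1
        keyexchange=ike

conn roadwarrior
        type=transport
        authby=secret
        left=server1
        leftsubnet=172.17.1.0/24
        leftprotoport=1701
        right=%any
        rightprotoport=1701
        auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = sections.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def lint_l2tp(conns):
    """Compare each conn with the sample L2TP/IPsec layout; return (conn, message) pairs."""
    findings = []
    for name, opts in conns.items():
        if opts.get("type") != "transport":
            findings.append((name, "type is not transport"))
        for side in ("left", "right"):
            if side + "subnet" in opts:
                findings.append((name, f"{side}subnet set on a transport-mode conn"))
            pp = opts.get(side + "protoport", "")
            if pp not in ("17/1701", "udp/1701"):  # protocol/port form, as in the sample
                findings.append((name, f"{side}protoport={pp!r}, expected 17/1701"))
    return findings
```

Running `lint_l2tp(parse_conns(SAMPLE_CONF))` reports the leftsubnet line and both bare `1701` protoport values; the sample server conn from the reply produces no findings.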