openswan on ubuntu 14.04 LTS #75
Comments
the same problem as me |
Can you try to add this to the ppp options file: refuse-chap |
It works:

ipsec.conf:
    version 2.0
    config setup
    conn l2tp-psk

xl2tpd.conf:
    [global]
    [lns default]

options:
    ms-dns 8.8.8.8

chap-secrets:
    zhangxxxx * "_" 192.168.0.1/24

ipsec.secrets:
    106.186.127.xxx 0.0.0.0: PSK "*******"
|
I observe exactly the same: installing via a script I wrote works 100% of the time in 12.04, for OSX and iOS clients. With the same script/resulting setup under a fresh 14.04, the connection negotiation from the same clients that worked perfectly under 12.04 fails/stops at the exact same spot as the OP showed. It appears that xl2tpd does not get the connection request (?) from openswan, and just sits there. How can I help to debug this? |
To elaborate on this: the only difference I can spot is that under 12.04 we have (note the "NATOA=none" in the last line!)
whereas on 14.04 we don't have the explicit workaround and accept the peer's proposal (note the "NATOA=192.168.8.14" on the last line) and we do not enter into the L2TP-PSK-noNAT connection. Again, exact same configuration as under 12.04 where this works:
Below I include the complete logs for both 12.04 and 14.04 with the exact same configuration (in fact, I updated from that 12.04 instance to 14.04 keeping the openswan/xl2tpd configuration).
|
And just to top this off: I downgraded from openswan 1:2.6.38-1 in 14.04 to the default openswan 1:2.6.37-1 in 12.04 (from here: http://www.ubuntuupdates.org/package/core/precise/universe/base/openswan) and upon connecting, it immediately works, going as expected into the noNat connection:
|
On Sat, 9 Aug 2014, fortiko wrote:
That is a bug with transport mode using the wrong IP address. I don't
Upstream openswan is dead. While I maintain openswan in RHEL6 (which Paul |
Thanks for the clarifications. I was not aware that upstream openswan was dead, so I guess I have to wait for the libreswan packages to arrive and then adapt my script! |
Thanks to zhangping. |
I've got the same problem. |
In @zhangping's config, the real part which makes it work is that he merged two
while his is:
As @fortiko pointed out, the only difference in the log is: 12.04
14.04:
Don't know why it received Delete SA after transport mode is established, and didn't try the Can someone explain for me? |
I have installed xl2tp over openswan on Ubuntu 12.04_amd64 LTS, and it is running. Last week Ubuntu 14.04_amd64 LTS was released, so I tried to install xl2tp over openswan on Ubuntu 14.04.
The installation procedure is the same as what I did on Ubuntu 12.04 LTS, but it does not run. The differences between them may be the following:
(1) the kernel version (kernel 3.8.0-29 vs kernel 3.13.0-24)
(2) the openswan version (openswan 2.6.37 on Ubuntu 12.04, and openswan 2.6.38 on Ubuntu 14.04)
Can anybody help me resolve this problem?
The attachments are as follows:
(1) /var/log/auth.log
(2) the packets captured by Wireshark
(3) the configuration of openswan and xl2tpd