[gentoo-user] problem with l2tp-isec

[gentoo-user] problem with l2tp-isec

[covici]

Hi.  I am trying to configure l2tp-isec to a server and although it
works in Winblows, whenever I put c followed by the name, it times out.
I am not seeing any particular bad messages, except that netlink says 20
bytes left over after parsing attributes, but there seems to be no
solution to that.  I am using openswan plus xl2tp.


How can I troubleshoot this, or should I post my configs here?

Thanks in advance for any suggestions.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

Re: [gentoo-user] problem with l2tp-isec

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 1238 bytes --]

On Thursday 19 Dec 2013 14:27:28 covici@ccs.covici.com wrote:
> Hi.  I am trying to configure l2tp-isec to a server and although it
> works in Winblows, whenever I put c followed by the name, it times out.
> I am not seeing any particular bad messages, except that netlink says 20
> bytes left over after parsing attributes, but there seems to be no
> solution to that.  I am using openswan plus xl2tp.
> 
> 
> How can I troubleshoot this, or should I post my configs here?
> 
> Thanks in advance for any suggestions.


Have you followed suggestions relevant to openswan and xl2tpd here?

  http://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server

Increase the verbosity of the openswan debugging to see if ipsec is 
established, or why it fails.

If the ipsec association is established, then check the x2ltp configuration 
and set 'debug tunnel = yes' to get more information from it, or start it as 
'xl2tpd -D' to get some useful information until you get it going.


However, if you are using Windows >=7 then it may be better to install and run 
StrongSwan with IKEv2 on Linux, which MSWindows can now support natively and 
do away with L2TP all together.  Openswan also supports IKEv2.

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: [gentoo-user] problem with l2tp-isec

[covici]

Thanks -- I followed the wrong wiki, I will see if there is much
difference and check the debugging.

Thanks.

Mick <michaelkintzios@gmail.com> wrote:

> On Thursday 19 Dec 2013 14:27:28 covici@ccs.covici.com wrote:
> > Hi.  I am trying to configure l2tp-isec to a server and although it
> > works in Winblows, whenever I put c followed by the name, it times out.
> > I am not seeing any particular bad messages, except that netlink says 20
> > bytes left over after parsing attributes, but there seems to be no
> > solution to that.  I am using openswan plus xl2tp.
> > 
> > 
> > How can I troubleshoot this, or should I post my configs here?
> > 
> > Thanks in advance for any suggestions.
> 
> 
> Have you followed suggestions relevant to openswan and xl2tpd here?
> 
>   http://wiki.gentoo.org/wiki/IPsec_L2TP_VPN_server
> 
> Increase the verbosity of the openswan debugging to see if ipsec is 
> established, or why it fails.
> 
> If the ipsec association is established, then check the x2ltp configuration 
> and set 'debug tunnel = yes' to get more information from it, or start it as 
> 'xl2tpd -D' to get some useful information until you get it going.
> 
> 
> However, if you are using Windows >=7 then it may be better to install and run 
> StrongSwan with IKEv2 on Linux, which MSWindows can now support natively and 
> do away with L2TP all together.  Openswan also supports IKEv2.
> 
> -- 
> Regards,
> Mick

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com