On 03/17/11 13:59, Mike Tancsa wrote:
> On 3/16/2011 9:32 PM, Da Rock wrote:
>> I'm running into all sorts of issues setting up l2tp networking. I think
>> I have the IPSEC part worked out, but testing parts at a time l2tp dies
>> in a hole.
> Try without IPSEC first to make sure you have the l2tp portion correct.
> Also, make sure no firewall rules are getting in the way.
Check the last note- local net only atm for testing, though the result
is the same through the firewall and on the public net. IPSEC works (I
think), but has been bypassed to resolve the l2tp issues anyway. So the
only thing between the server and client is the local network.
> I have this simple mpd5 config file to act as an l2tp server in my test
> environment
> startup:
> # configure mpd users
> set user admin xxx admin
> # configure the console
> set console self 127.0.0.1 5005
> set console open
> # configure the web server
> set web self 192.168.255.254 5006
> set web open
> log +IPV6CP
> log +IPV6CP2
> default:
> load l2tpserver
> l2tpserver:
> # Define dynamic IP address pool.
> set ippool add pool1 xx.159.245.1 xx.159.245.5
> set ippool add pool1 10.241.241.20 10.241.241.99
> set ippool add rfc1918 172.11.22.140 172.11.22.180
> # Create clonable bundle template named B
> create bundle template B
> set iface idle 1800
> set iface enable tcpmssfix
> set ipcp disable vjcomp
> set bundle enable ipv6cp
> set ipcp deny vjcomp
> set ipcp ranges xx.43.128.6/32 ippool pool1
> set ipcp dns yy.211.164.51 zz.212.134.12
> #set ipcp nbns 127.0.0.1
> # Set bundle template to use
> create link template L l2tp
> set l2tp hostname sentex
> set l2tp disable dataseq
> set link action bundle B
> # Enable peer authentication
> set link disable eap
> set link enable pap
> set link disable acfcomp
> set link disable protocomp
> set link disable check-magic
> set link deny acfcomp
> set link keep-alive 10 60
> set link deny protocomp
> #load radius
> set link mtu 1492
> set link mru 1492
> set link enable incoming
> set link disable peer-as-calling
> For the client, mpd5 works with the following config
> l2tp_client:
> #
> # L2TP client: only outgoing calls, auto reconnect,
> # ipcp-negotiated address, one-sided authentication,
> # default route points on ISP's end
> #
> create bundle static B1
> set iface route default
> set ipcp ranges 0.0.0.0/0 0.0.0.0/0
> create link static L1 l2tp
> set link action bundle B1
> set auth authname testaccount-in-mpd-secret-file
> set auth password thepass
> set link max-redial 0
> set link mtu 1460
> set link keep-alive 20 75
> set l2tp peer 64.7.128.195
> open
>> I also had an unscheduled reboot (power failure) and that showed up a
>> warning: "attempt to domain_add(netgraph) after domainfinalize()" which
>> I could never quite figure was fatal or not.
> That's ok. It's not an issue and is more informational than anything
Ok. So then my main question is going to be: when should I see a ng node
through ifconfig? Is it "enabled" (for want of a better term) when the
server is started, or once a connection is established? Is it the same
for mpd4 and mpd5?
And shouldn't I see something in the nglist as well?
>> It appears the control connection is setup and then fails for some
>> inexplicable reason. The client (android) logs show the same, but it is
>> definitely the server that kills the connection. Anything I've missed?
> Make sure there are no firewall rules getting in the way. And if
> possible, use a client that you know "works". The above server works
> with Windows clients with IPSEC disabled. Start there, or with a
> FreeBSD client.
Windows "works"? Interesting premise :) Sorry, can't help myself...
I have now only got a "clean" network- FBSD only ;) so I'll have to try
with an mpd client then.
Thanks Mike, I'll be back with some more results soon- it will take time
to install mpd.
Cheers
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
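The thread above is stuck on whether the L2TP control connection itself is being refused by the server, or whether the packets are not getting through at all. The following is an added example for this page (it is not code from the thread, from mpd5 or from its authors): a small L2TPv2 (RFC 2661) probe that sends one SCCRQ to a server and decodes whatever comes back. It assumes the server listens on UDP/1701 with no tunnel authentication (no Challenge AVP is sent); the hostname "probe" and tunnel ID 0x1234 are arbitrary values chosen for the example, and the server address is whatever you pass to `probe()`.

```python
# Added example (not from the thread, mpd5 or its authors): an L2TPv2 (RFC 2661)
# control-channel probe. Assumes a server on UDP/1701 with no tunnel
# authentication; hostname "probe" and tunnel ID 0x1234 are arbitrary.
import socket
import struct

# RFC 2661 section 3.2 control message types
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             7: "OCRQ", 8: "OCRP", 9: "OCCN", 10: "ICRQ", 11: "ICRP",
             12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}
# AVP attribute types used here (RFC 2661 section 4.4)
AVP_MESSAGE_TYPE, AVP_RESULT_CODE, AVP_PROTOCOL_VERSION = 0, 1, 2
AVP_FRAMING_CAP, AVP_HOST_NAME, AVP_ASSIGNED_TUNNEL_ID, AVP_RECV_WINDOW = 3, 7, 9, 10
CONTROL_FLAGS = 0xC802  # T=1 L=1 S=1, Ver=2: carried by every L2TPv2 control message


def avp(attr, value, mandatory=True):
    """Encode one unhidden AVP: 6-byte header (flags/len, vendor 0, type) + value."""
    length = 6 + len(value)
    if length > 1023:
        raise ValueError("AVP value too long")
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, 0, attr) + value


def build_control(tunnel_id, ns, nr, avps):
    """Wrap AVPs in a control header; session ID is 0 for tunnel-level messages."""
    body = b"".join(avps)
    hdr = struct.pack("!HHHHHH", CONTROL_FLAGS, 12 + len(body), tunnel_id, 0, ns, nr)
    return hdr + body


def build_sccrq(hostname, our_tunnel_id):
    """Start-Control-Connection-Request, the first packet of every L2TP tunnel."""
    return build_control(0, 0, 0, [  # the peer's tunnel ID is still unknown, hence 0
        avp(AVP_MESSAGE_TYPE, struct.pack("!H", 1)),
        avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),        # version 1, revision 0
        avp(AVP_FRAMING_CAP, struct.pack("!I", 0x3)),  # sync and async framing
        avp(AVP_HOST_NAME, hostname.encode("ascii")),
        avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", our_tunnel_id)),
        avp(AVP_RECV_WINDOW, struct.pack("!H", 4), mandatory=False),
    ])


def parse_control(pkt):
    """Decode a control packet into header fields plus a list of
    (mandatory, hidden, vendor, attr, value) AVPs; 'message' is 'ZLB' for a bare ack."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    flags, length, tid, sid, ns, nr = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("data message, not control")
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TPv2")
    if not (flags & 0x4000 and flags & 0x0800):
        raise ValueError("control message must carry the L and S bits")
    if length > len(pkt):
        raise ValueError("truncated: header says %d bytes, got %d" % (length, len(pkt)))
    avps, off = [], 12
    while off < length:
        aflags, vendor, attr = struct.unpack("!HHH", pkt[off:off + 6])
        alen = aflags & 0x03FF
        if alen < 6 or off + alen > length:
            raise ValueError("bad AVP length at offset %d" % off)
        avps.append((bool(aflags & 0x8000), bool(aflags & 0x4000),
                     vendor, attr, pkt[off + 6:off + alen]))
        off += alen
    msg = "ZLB"
    for _mand, hidden, vendor, attr, value in avps:
        if vendor == 0 and attr == AVP_MESSAGE_TYPE and not hidden:
            code = struct.unpack("!H", value)[0]
            msg = MSG_TYPES.get(code, "type%d" % code)
    return {"tunnel_id": tid, "session_id": sid, "ns": ns, "nr": nr,
            "message": msg, "avps": avps}


def describe(info):
    """One-line summary; a StopCCN shows its Result Code AVP (result, error, text)."""
    text = "%s tid=%d ns=%d nr=%d" % (info["message"], info["tunnel_id"], info["ns"], info["nr"])
    for _mand, _hidden, vendor, attr, value in info["avps"]:
        if vendor == 0 and attr == AVP_RESULT_CODE and len(value) >= 4:
            result, error = struct.unpack("!HH", value[:4])
            text += " result=%d error=%d %r" % (result, error, value[4:].decode("ascii", "replace"))
    return text


def probe(server, port=1701, hostname="probe", tunnel_id=0x1234, timeout=3.0):
    """Send one SCCRQ and collect every reply until the server goes quiet."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_sccrq(hostname, tunnel_id), (server, port))
    replies = []
    try:
        while True:
            pkt, _ = sock.recvfrom(2048)
            replies.append(describe(parse_control(pkt)))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies  # empty list: nothing answered on UDP/1701 (no listener, or a firewall)
```

Run `probe("<server address>")` from the client host with IPsec still bypassed, as in the test setup above. An SCCRP in the reply list means the control channel came up and the server accepted the SCCRQ (the probe never sends SCCCN, so the server will retransmit and eventually tear the tunnel down on its own); a StopCCN with its result code tells you why the server refused; an empty list means nothing on the server answered on UDP/1701, which points at a firewall rule or at mpd5 not listening at all (on FreeBSD, `sockstat -4l` shows what is bound to UDP 1701). The parser also rejects truncated packets rather than reading past the declared length, which matters when the same code is pointed at traffic you do not control.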