IPSEC/L2TP VPN Server on Fedora Core 3 using Kernel 2.6

petwalrus · 03-18-2005, 03:33 PM

Hello,

I am wondering if any VPN experts out there would be able to assist me in configuring my Fedora Core 3 router for allowing VPN access through L2TP/IPSEC. I would like to use the built in support in the 2.6 Kernel --- but because this is fairly new technology the documentation on how to make this work is sparse at best.

I would like to be able to connect to the VPN from Windows 2000/XP laptops that will be on the road (i.e. dynamic IP addreses) using either a shared secret or X.509 certificate.

Any help on this would be excellent, as I would love to demonstrate to management at my company the awesome power of Linux and how much money open source software can save us over using competing products (read: Windows Server).

TIA!

naved · 03-27-2005, 04:06 AM

use openswan, l2tpd, pppd, radiusclient,
go tro jacco de lucew's page on l2tpd/ipsec vpn ..he is the definitive guide on this..

petwalrus · 03-27-2005, 04:14 PM

I actually got it working! I am very pleased with the results!

Robert80 · 04-21-2005, 10:55 AM

Hi

Glad to see that you got it working.

I just try to do they same thing. However, I might have missed something in my configuration.

Here is my setup:

192.168.12.0/24
---------------
|
|
|eth1 = 192.168.12.3
|--------
| Host A | ppp0 = 192.168.12.199
|--------
|eth0 = 201.201.201.3
|
|
|
/
/
|
|
|
|IP Addr: 201.201.201.201
|--------
| Host B | ppp0 = 192.168.12.201
|--------

Host A is running Linux FC3. It had eth1 = 192.168.12.3/24; eth0 = 201.201.201.3/24

Host B is running Windows XP. Its IP address is 201.201.201.201/24.

The ppp0 of the point-to-point connection established between them using OpenSwanIPSec and L2tpd was 192.168.12.199 on the host A end and 192.168.12.201 on the host B end.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.12.201 * 255.255.255.255 UH 0 0 0 ppp0
201.201.201.201 201.201.201.1 255.255.255.255 UGH 0 0 0 eth0
201.201.201.0 * 255.255.255.0 U 0 0 0 eth0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 192.168.12.177 255.255.224.0 UG 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 201.201.201.1 0.0.0.0 UG 0 0 0 eth0

# arp -a
? (192.168.12.177) at 00:11:22:33:44:55 [ether] on eth1
? (201.201.201.1) at 55:44:33:22:11:00 [ether] on eth0
? (192.168.12.201) at * PERM PUP on eth1

The routing table and the arp table seem to be correct. Communications between host A and host B is OK. All host in network 192.168.12.0/24 could ping 192.168.12.199. However, there seemed to be a barrier between eth1 and ppp0. Hosts other than A in netwrok 192.168.12.0/24 could not access host B and host B could not reach any host in network 192.168.12.0/24 other than host A. I had disabled all the firewalls to make sure no packets would be blocked.

Moreover, I found that even I had defined "type=tunnel" in the /etc/ipsec.conf file, the "ipsec setup status" command showed "No tunnels up":

# ipsec setup status
IPsec running
pluto pid 12931
No tunnels up

Would you be so kind to advise what I would have done wrong? Thank you so much.

Regards,
LinuxNewbee