OpenSwan (IPSEC) on Fedora 13 with Snow Leopard as a client

Posted by sicn on Server Fault See other posts from Server Fault or by sicn
Published on 2010-11-01T18:49:41Z Indexed on 2012/09/21 21:43 UTC


I recently installed OpenSwan on my Fedora 13 machine. I want to use it to connect with Mac OS X with L2TP over IPsec; unfortunately I am already stuck on the IPsec negotiation part.

My server is running behind a NATted firewall so my external IP differs from the server's IP. The server has a fixed IP on the network and the same is almost always valid for the clients (they are usually behind a NATted firewall).

I installed OpenSwan on Fedora 13 and have the following configuration:

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    nhelpers=0

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=my.servers.external.ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0

IPSEC starts fine and listens to UDP 500 and 4500. These two ports are opened in the firewall and are forwarded fine to the server.

In my /etc/ipsec.secrets file I have

my.servers.external.ip %any: "LongAndDifficultPassword"

And finally in my sysctl.conf (the redirect-entries are there because OpenSwan was strongly protesting about send/accept_redirects being active) I have

net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

Running "ipsec verify" gives me "all greens" (except Opportunistic Encryption Support, which is DISABLED); however, when trying to connect, my Mac gives me the following in the logs:

Nov  1 19:30:28 macbook pppd[4904]: pppd 2.4.2 (Apple version 412.3) started by user, uid 1011
Nov  1 19:30:28 macbook pppd[4904]: L2TP connecting to server 'my.servers.ip.address' (my.servers.ip.address)...
Nov  1 19:30:28 macbook pppd[4904]: IPSec connection started
Nov  1 19:30:28 macbook racoon[4905]: Connecting.
Nov  1 19:30:28 macbook racoon[4905]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Nov  1 19:30:31 macbook racoon[4905]: IKE Packet: transmit success. (Phase1 Retransmit).
Nov  1 19:30:38: --- last message repeated 2 times ---
Nov  1 19:30:38 macbook pppd[4904]: IPSec connection failed

Any ideas at all?
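The log above shows the client transmitting Main Mode message 1 and then only retransmitting, which means the responder never answered at all (as opposed to answering with a proposal or PSK mismatch). The script below is an added example, not code from the poster or from Openswan: it parses the racoon lines and the ipsec.conf from the post (embedded as constructed sample input, with also= resolved the way Openswan does it), tells those two failure classes apart, and runs a few static checks on the NAT conn. The "IKE Packet: receive success" wording for inbound packets is an assumption about Apple's racoon, and the left= check only flags that the value is neither an IPv4 literal nor %defaultroute (Openswan matches conns against addresses held by a local interface, which a NATted public address normally is not); it cannot know what the real address is.

```python
"""Triage for a stalled L2TP/IPsec Phase 1: client racoon log + server ipsec.conf."""
import re

# Client-side racoon lines copied from the post (constructed sample input).
RACOON_LOG = """\
Nov  1 19:30:28 macbook racoon[4905]: Connecting.
Nov  1 19:30:28 macbook racoon[4905]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Nov  1 19:30:31 macbook racoon[4905]: IKE Packet: transmit success. (Phase1 Retransmit).
Nov  1 19:30:38: --- last message repeated 2 times ---
Nov  1 19:30:38 macbook pppd[4904]: IPSec connection failed
"""

# The poster's ipsec.conf (constructed copy; 'my.servers.external.ip' is the post's placeholder).
IPSEC_CONF = """\
config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    nhelpers=0

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    type=transport
    left=my.servers.external.ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def classify_phase1(log):
    """Summarise how far IKE Phase 1 got, from the initiator's point of view."""
    sent = len(re.findall(r"Main-Mode message 1\)", log))
    retransmits = len(re.findall(r"Phase1 Retransmit", log))
    # syslog collapses identical consecutive lines; count them back in.
    for n in re.findall(r"last message repeated (\d+) times", log):
        retransmits += int(n)
    # Assumption: Apple's racoon logs inbound IKE as "IKE Packet: receive success".
    replies = len(re.findall(r"IKE Packet: receive success", log))
    if sent and not replies:
        # Nothing came back: UDP 500 never reached pluto, or pluto had no matching conn.
        verdict = "no_reply"
    elif replies:
        # The responder spoke; the server log will show the proposal or PSK problem.
        verdict = "answered"
    else:
        verdict = "not_started"
    return {"sent": sent, "retransmits": retransmits, "replies": replies, "verdict": verdict}


def parse_ipsec_conf(text):
    """Parse ipsec.conf into {'config setup': {...}, 'conn NAME': {...}}, resolving also=."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            current = line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    # also= pulls in another conn's settings; the including conn's own values win.
    for opts in sections.values():
        seen = set()
        while "also" in opts:
            other = "conn " + opts.pop("also")
            if other in seen or other not in sections:
                break
            seen.add(other)
            for key, value in sections[other].items():
                opts.setdefault(key, value)
    return sections


def check_l2tp_conn(sections, conn="conn L2TP-PSK-NAT"):
    """Static checks on the conn a NATted L2TP/IPsec client would match. Returns findings."""
    findings = []
    setup = sections.get("config setup", {})
    c = sections.get(conn, {})
    if setup.get("nat_traversal") != "yes":
        findings.append("nat_traversal is not enabled; clients behind NAT cannot complete IKE")
    if c.get("type") != "transport":
        findings.append(f"L2TP/IPsec uses transport mode, found type={c.get('type')!r}")
    if c.get("leftprotoport") != "17/1701":
        findings.append("leftprotoport should be 17/1701 (UDP/L2TP)")
    if c.get("rightsubnet") != "vhost:%priv":
        findings.append("the NAT conn needs rightsubnet=vhost:%priv")
    left = c.get("left", "")
    if left != "%defaultroute" and not IPV4.match(left):
        findings.append(f"left={left!r} is neither an IPv4 literal nor %defaultroute; "
                        "it must be an address held by a local interface")
    return findings


if __name__ == "__main__":
    print(classify_phase1(RACOON_LOG))
    for finding in check_l2tp_conn(parse_ipsec_conf(IPSEC_CONF)):
        print("-", finding)
```

On the post's input the verdict is "no_reply" with three retransmits, which points at the path between the client and pluto (the NAT forward for UDP 500/4500 and whether pluto actually bound the interface holding left=) rather than at the PSK or proposals; the config checks only flag the left= placeholder, since the rest of the conn matches the usual L2TP/IPsec recipe.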

© Server Fault or respective owner
