Xl2tpd-strongswan: Unterschied zwischen den Versionen

Installation

apt-get install  xl2tpd ppp strongswan

Openswan

ipsec.conf-default

Man muss beachten, dass l2tp mit der verage eine leftsubnets in der %default-section nicht zurechtkommt! Diese Parameter müssen entfernt werden. Also falls ihr so etwas in eurer .conf drin habt:

conn %default
        authby=secret
        left=213.183.75.138
        leftsubnet=172.20.20.0/24
        ike=aes256-sha1-modp1024
        esp=aes256-sha1
        left=%defaultroute
        auto=start
        pfs=yes

bitte ändern in:

conn %default
        authby=secret
        ike=aes256-sha1-modp1024
        esp=aes256-sha1
        auto=start
        pfs=yes

ipsec.conf complete

cat /etc/ipsec.conf
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey
conn l2tp
   authby=secret
   pfs=no
   auto=add
   type=transport
   left=XXX.XXX.XXX.XXX
   leftprotoport=17/1701
   right=%any
   rightprotoport=17/%any

cat /etc/ipsec.secrets 
XXX.XXX.XXX.XXX  %any : PSK "1234"

XL2TP

cat /etc/xl2tpd/xl2tpd.conf 

[global]
#important when more then one ips on the nic
#listen-addr = XXX.XXX.XXX.XXX

ipsec saref = yes
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

PPP

cat /etc/ppp/options.xl2tpd

require-mschap-v2
ms-dns 192.168.240.21
ms-dns 192.168.240.22
asyncmap 0
auth
crtscts
lock
hide-password
modem
#for ppp3 
unit 3
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

cat /etc/ppp/chap-secrets 

xinux        l2tpd       "geheimes-passwort"	       *
#l2tpd        xinux	  "geheimes-passwort"	       *