I recently installed OpenSwan on my Fedora 13 machine. I want to use it to connect with Mac OS X with L2TP over IPSEC; unfortunately, I am already stuck on the IPSEC negotiation part.
My server is running behind a NATted firewall so my external IP differs from the server’s IP. The server has a fixed IP on the network and the same is almost always valid for the clients (they are usually behind a NATted firewall).
I installed OpenSwan on Fedora 13 and have the following configuration:

    config setup
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        nhelpers=0

    conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

    conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=my.servers.external.ip
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/0
IPSEC starts fine and listens to UDP 500 and 4500. These two ports are opened in the firewall and are forwarded fine to the server.
In my /etc/ipsec.secrets file I have

    my.servers.external.ip %any: "LongAndDifficultPassword"
And finally in my sysctl.conf (the redirect entries are there because OpenSwan was strongly protesting about send/accept_redirects being active) I have

    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.all.accept_redirects = 0
Running “ipsec verify” gives me “all greens” (except Opportunistic Encryption Support, which is DISABLED); however, when I try to connect, my Mac gives me the following in its logs:

    Nov 1 19:30:28 macbook pppd: pppd 2.4.2 (Apple version 412.3) started by user, uid 1011
    Nov 1 19:30:28 macbook pppd: L2TP connecting to server 'my.servers.ip.address' (my.servers.ip.address)...
    Nov 1 19:30:28 macbook pppd: IPSec connection started
    Nov 1 19:30:28 macbook racoon: Connecting.
    Nov 1 19:30:28 macbook racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
    Nov 1 19:30:31 macbook racoon: IKE Packet: transmit success. (Phase1 Retransmit).
    Nov 1 19:30:38: --- last message repeated 2 times ---
    Nov 1 19:30:38 macbook pppd: IPSec connection failed
Any ideas at all?
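Added here as an example (not part of the question): a small parser for the racoon/pppd log lines quoted above. It counts the IKE packets the client sent and received, expanding syslog's "last message repeated N times" folding, and reports whether Main Mode message 1 was ever answered. The wording of a racoon receive line is assumed to mirror the transmit line; the sample input is the question's own log, embedded inline.

```python
import re
from collections import Counter

# Constructed sample input: the client-side log lines quoted in the question.
MAC_LOG = """\
Nov 1 19:30:28 macbook pppd: pppd 2.4.2 (Apple version 412.3) started by user, uid 1011
Nov 1 19:30:28 macbook pppd: L2TP connecting to server 'my.servers.ip.address' (my.servers.ip.address)...
Nov 1 19:30:28 macbook pppd: IPSec connection started
Nov 1 19:30:28 macbook racoon: Connecting.
Nov 1 19:30:28 macbook racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Nov 1 19:30:31 macbook racoon: IKE Packet: transmit success. (Phase1 Retransmit).
Nov 1 19:30:38: --- last message repeated 2 times ---
Nov 1 19:30:38 macbook pppd: IPSec connection failed
"""
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (\w+): (.*)$")
REPEAT_RE = re.compile(r"--- last message repeated (\d+) times ---")

def summarize_ike(log_text):
    """Count IKE packets sent (keyed by racoon's parenthesised tag) and received, and
    note a pppd failure. syslog's 'repeated N times' lines are credited to the line before."""
    sent, received, failed, last = Counter(), 0, False, None
    for line in log_text.splitlines():
        rep = REPEAT_RE.search(line)
        if rep:
            if last == "received":
                received += int(rep.group(1))
            elif last is not None:
                sent[last] += int(rep.group(1))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, msg = m.groups()
        last = None
        if prog == "racoon" and "IKE Packet: transmit success" in msg:
            last = msg[msg.find("(") + 1:msg.rfind(")")]  # e.g. "Phase1 Retransmit"
            sent[last] += 1
        elif prog == "racoon" and "IKE Packet: receive success" in msg:  # assumed wording
            last = "received"
            received += 1
        elif prog == "pppd" and "IPSec connection failed" in msg:
            failed = True
    return {"sent": dict(sent), "received": received, "failed": failed}

def diagnose(summary):
    """One-line reading of the summary: did phase 1 ever get an answer?"""
    total = sum(summary["sent"].values())
    if total and summary["received"] == 0:
        return "%d IKE packet(s) sent, none received: no reply to Main Mode message 1 reached the client" % total
    if summary["failed"]:
        return "IKE replies arrived but the connection still failed: check proposals and the PSK"
    return "IKE exchange completed"
```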