Openswan can't encrypt

nesa1212
Posts: 10
Joined: 2017/02/17 03:36:15

Openswan can't encrypt

Post by nesa1212 » 2017/07/13 01:40:40

I have a VPN server and the topology is:

https://ibb.co/f5ctpa


I am sniffing on client 2, and when I access FTP with client 1, the FTP password isn't encrypted. Here is my configuration:

-/etc/ipsec.conf
version 2
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v6:fd00::/8,%v6:fe80::/10
    protostack=netkey
    force_keepalive=yes
    keep_alive=60

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    ike=aes256-sha1;modp1024!
    phase2alg=aes256-sha1;modp1024
    type=transport
    left=104.18.108.2
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=10
    dpdtimeout=20
    dpdaction=clear

-/etc/ipsec.secrets
104.18.108.2 %any: PSK "vpnnn"

-Verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.32-71.29.1.el6.i686 (netkey)
Checking for IPsec support in kernel [OK]
 SAref kernel support [N/A]
 NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Testing against enforced SElinux mode [OK]
Checking that pluto is running [OK]
 Pluto listening for IKE on udp 500 [OK]
 Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]

-/etc/xl2tpd/xl2tpd.conf
[global]
listen=104.18.108.2
;ipsec saref = yes
;force userspace = yes

[lns default]
ip range = 192.168.1.2-192.168.1.254
local ip = 192.168.1.1
refuse pap = yes
require authentication = yes
ppp_debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

-/etc/ppp/options.xl2tpd
require-mschap-v2
refuse-pap
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
name l2tpd

-/etc/ppp/chap-secrets
# client server secret IP addresses
bob l2tpd nana *

How do I route my tunnel to the network (192.168.122.0/24)?

FinnJoye2
Posts: 4
Joined: 2017/11/09 12:19:59

Re: Openswan can't encrypt

Post by FinnJoye2 » 2017/11/11 09:17:06

