Home > Archive > VPN > May 2005 > VPN doesn't go on a RFC1483 LLC routed, and goes on PPPoE
VPN doesn't go on a RFC1483 LLC routed, and goes on PPPoE
temporaneo1234@yahoo.it 2005-04-10, 5:46 pm
I have three sites:
two have a PPPoE connection, with DSL modem and variable IP
one has RFC1483 LLC routed, with DSL router and fixed IP
each one has IPCOP v1.4.5, and every machine is directly pingable (the
router is configured with DMZ to the IPCOP machine)
The problem is that the VPN works on the two PPPoE sites, and doesn't on the
other site.
Searching the "ipsec barf" I can see this:
Apr 10 23:57:56 ipcop pluto[3071]: packet from xxx.xxx.xxx.xxx:500:
initial Main Mode message received on 192.168.1.1:500 but no connection
has been authorized with policy=PSK
(xxx.xxx.xxx.xxx is the public IP of the "remote" machine)
(192.168.1.1 is the red IP of IPCOP)
The LAN is configured like this:
router: wan: fixed ip
router: lan: 192.168.1.254
ipcop: red: 192.168.1.1
ipcop: green: 192.168.130.254
lan 192.168.130.0/255.255.255.0
The configurations are similar on the three IPCOP machines, so the only
difference is on the RFC1483 site. But what?
[code]
left=xxx.xxx.xxx.xxx
leftnexthop=%defaultroute
leftsubnet=192.168.130.0/255.255.255.0
right=yyy.yyy.yyy.yyy
rightsubnet=192.168.101.0/255.255.255.0
rightnexthop=%defaultroute
dpddelay=30
dpdtimeout=120
dpdaction=hold
authby=secret
auto=start
[/code]
temporaneo1234@yahoo.it 2005-04-13, 5:46 pm
Reading about it
(http://community.smoothwall.org/for...opic.php?t=6519), I have
found only one error in my last configuration, but it doesn't solve it
anyway: the leftid param
so, the connection should be:
[code]
left=xxx.xxx.xxx.xxx (red ip of ipcop 192.168.1.1)
leftnexthop=%defaultroute
leftid=zzz.zzz.zzz.zzz (public ip of the router connected to internet)
leftsubnet=192.168.130.0/255.255.255.0
right=yyy.yyy.yyy.yyy (public ip of the remote)
rightsubnet=192.168.101.0/255.255.255.0
rightnexthop=%defaultroute
dpddelay=30
dpdtimeout=120
dpdaction=hold
authby=secret
auto=start
[/code]
but nothing, the result is the same:
Apr 13 14:52:01 ipcop pluto[10322]: packet from yyy.yyy.yyy.yyy:500:
initial Main Mode message received on 192.168.1.1:500 but no connection
has been authorized with policy=PSK
and it's the same on the other end:
Apr 13 14:54:13 ipcop pluto[15548]: packet from zzz.zzz.zzz.zzz:4500:
initial Main Mode message received on yyy.yyy.yyy.yyy:4500 but no
connection has been authorized with policy=PSK
Searching, the route log of the DSL router shows that there is a connection from
192.168.1.1 to yyy.yyy.yyy.yyy
What can I do to solve this?
temporaneo1234@yahoo.it 2005-04-13, 5:46 pm
I have found a new issue. Thinking about it, there is a problem with
ipsec.secrets....
the message in "ipsec barf" says that something is missing... so I have
tried to insert more "secrets"... like:
192.168.1.1 yyy.yyy.yyy.yyy
and some others...
results: the connection now gets opened, even if routing doesn't
work...
in the case of a router, what are the right ipsec.secrets params?
temporaneo1234@yahoo.it 2005-05-01, 5:49 pm
I solved an "old" problem about setting up a VPN between two IPCOP machines,
where on one side the DSL is a PPPoE type, and on the other one an IPoA type.
The router used on IPoA must permit VPN-passthrough.
Problem solved with a manual modification of files on the IPCOP machine where
the IPoA connection is:
/etc/ipsec.conf
/etc/ipsec.secrets
/etc/ipsec.secrets:
this file must refer to the RED IPCOP interface (192.168.1.1) and to the
WAN address (xxx.xxx.xxx.xxx is the public IP address of the other side of the
VPN):
[code]
192.168.1.1 xxx.xxx.xxx.xxx : PSK "password"
WANIPpubblic xxx.xxx.xxx.xxx : PSK "password"
[/code]
/etc/ipsec.conf:
follow this scheme
left= RED IP of IPCOP
leftid= public WAN IP
leftnexthop= IP address of the gateway (router)
[code]
conn NameConnection
left=192.168.1.1
leftid=WANIPpubblic
leftnexthop=192.168.1.254
leftsubnet=192.168.130.0/255.255.255.0
right=xxx.xxx.xxx.xxx
rightsubnet=192.168.100.0/255.255.255.0
rightnexthop=%defaultroute
dpddelay=30
dpdtimeout=120
dpdaction=hold
authby=secret
auto=start
[/code]
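An added check (not from the thread, nor from IPCOP or pluto) that parses a conn block and an ipsec.secrets file laid out as in the post above and reports which local-ID/peer pairs have no PSK entry, which is what pluto's "no connection has been authorized with policy=PSK" points at when the IPCOP box sits behind a NAT router. The addresses are constructed documentation placeholders.

```python
import ipaddress
import re

# Constructed sample files mirroring the thread's final working layout;
# addresses are documentation placeholders, not real hosts.
IPSEC_CONF = """
conn NameConnection
    left=192.168.1.1
    leftid=203.0.113.10
    leftnexthop=192.168.1.254
    leftsubnet=192.168.130.0/255.255.255.0
    right=198.51.100.20
    rightsubnet=192.168.100.0/255.255.255.0
    authby=secret
"""
SECRETS_ONE_ENTRY = '192.168.1.1 198.51.100.20 : PSK "password"\n'
SECRETS_BOTH = SECRETS_ONE_ENTRY + '203.0.113.10 198.51.100.20 : PSK "password"\n'

def parse_conn(text):
    """Collect the key=value lines of the conn block into a dict."""
    return dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", text, re.M))

def parse_secrets(text):
    """Return one frozenset of IDs per 'id id : PSK "..."' line."""
    id_lists = re.findall(r'^\s*(.*?)\s*:\s*PSK\s+"', text, re.M)
    return {frozenset(ids.split()) for ids in id_lists}

def check_psk_setup(conf_text, secrets_text):
    """Report what pluto would fail to authorize with policy=PSK.

    Behind NAT the peer sees the public WAN address (leftid), while the
    local RED address (left) is used on this side, so a PSK line is
    needed for each of them paired with the remote public IP (right).
    """
    conf = parse_conn(conf_text)
    secrets = parse_secrets(secrets_text)
    problems = []
    local_ids = [conf["left"]]
    if "leftid" in conf:
        local_ids.append(conf["leftid"])
    elif ipaddress.ip_address(conf["left"]).is_private:
        problems.append("left is private but leftid (public WAN IP) is unset")
    for lid in local_ids:
        if frozenset([lid, conf["right"]]) not in secrets:
            problems.append(f"no PSK entry for {lid} {conf['right']}")
    return problems
```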