# Help with L2tp IPsec PSK

## slashlinux

Hello,

I am having trouble with openswan, l2tp and PSK. I have configured everything, but I can't connect from the client.

My configuration is below:

ipsec.secrets 

```
192.168.1.46 %any : PSK "password"
```

ipsec.conf

```
# basic configuration
config setup
        dumpdir=/var/run/pluto/
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
        oe=off
        protostack=netkey

# Add connections here
conn myvpn
      leftprotoport=17/1701
      rightprotoport=17/%any
      rekey=no
      authby=secret
      pfs=no
      type=tunnel
      left=my ip server
      leftnexthop=my ip gw
      right=%any
      rightsubnet=vhost:%no,%priv
      auto=add
```

chap-secret

```
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user               *       password                 *
```

xl2tpd.conf

```
[global]
port = 1701

[lns default]
ip range = 10.0.25.2-254
local ip = 10.0.25.1
require chap = yes
refuse pap = yes
require authentication = yes
name = myvpn
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
```

options.l2tpd

```
ipcp-accept-local
ipcp-accept-remote
ms-dns 10.0.0.4
noccp
auth
crtscts
idle 1800
mtu 1500
mru 1500
+mschap-v2
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
```

ipsec verify 

```
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.2.0-gentoo (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
```

How can I resolve this?

What did I miss?

Thanks
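
The two `[FAILED]` lines in the `ipsec verify` output above ask for `send_redirects` and `accept_redirects` to be disabled on every interface. The following is an added example, not part of the original post, that lists which of those settings are still enabled and clears them; the function names and the optional root-directory argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit and clear the ICMP redirect settings that
# `ipsec verify` flags for NETKEY. Function names and the root-directory
# argument are hypothetical; the default path is the one printed in the
# verify output.

CONF_ROOT_DEFAULT=/proc/sys/net/ipv4/conf

# Print "<interface> <setting>" for every redirect setting that is not 0.
# Returns 0 when nothing is enabled, 1 otherwise.
redirects_enabled() {
    root=${1:-$CONF_ROOT_DEFAULT}
    found=0
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            iface=$(basename "$(dirname "$f")")
            echo "$iface $(basename "$f")"
            found=1
        fi
    done
    return $found
}

# Write 0 to every redirect setting, including the "all" and "default"
# entries (needs root on a real system).
disable_redirects() {
    root=${1:-$CONF_ROOT_DEFAULT}
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -w "$f" ] || continue
        echo 0 > "$f"
    done
}
```

Values written under `/proc/sys` are lost at reboot, so re-run `ipsec verify` after calling `disable_redirects` and make the settings persistent in the system's sysctl configuration once the check passes.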

----------

## salahx

I wrote an article about setting up such a server: http://en.gentoo-wiki.com/wiki/IPsec_L2TP_VPN_server . It should help.

----------

