[Openswan Users] Rekeying issue with Windows XP (SP2) & L2TP

Tarountaev Evgueni tarountaev at aist.com
Wed Nov 3 10:13:52 CET 2004


I have found the problem.

These are some lines from my ipsec.conf:

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=/etc/ipsec.d/certs/ipsec-server.pem
        right=%any
        # rightsubnet=vhost:%no,%priv
        auto=add

rightsubnet=vhost:%no,%priv -- this line was added as described in Nate
Carlson's howto.

But it looks like this line confused pluto: while it starts the connection in
transport mode, it then tries to rekey in tunnel mode. The XP side
then hangs up.

When I added "type=transport" to roadwarrior-l2tp-updatedwin, I immediately
got an error message and commented out the rightsubnet line. After that the
connection was up all night.

Now I have to test how NATed clients will operate.

--
Evgueni
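
A config check for the condition described in this message, as an added example that is not part of the original post or of Openswan: it resolves also= includes and flags L2TP conns (protoport 17/1701) that inherit a subnet or do not set type=transport. The function names are hypothetical, and the sample is constructed from the posted config (abridged, with the rightsubnet line enabled).

```python
# Constructed sample: the post's config, abridged, with rightsubnet enabled.
SAMPLE = """\
conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
"""

def parse_conns(text):
    """Return {conn name: [(key, value), ...]} for each conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], [])
        elif line[:1] in (" ", "\t") and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((key.strip(), value.strip()))
        elif line:
            current = None  # another section type, e.g. "config setup"
    return conns

def effective(conns, name, seen=()):
    """Flatten a conn, following also= includes; the conn's own keys win."""
    merged = {}
    for key, value in conns.get(name, []):
        if key != "also":
            merged[key] = value
        elif value not in seen:                # guard against also= loops
            for k, v in effective(conns, value, seen + (name,)).items():
                merged.setdefault(k, v)
    return merged

def lint_l2tp(text):
    """Flag L2TP conns (protoport 17/1701) not pinned to transport mode."""
    conns, findings = parse_conns(text), []
    for name in conns:
        eff = effective(conns, name)
        if "17/1701" in (eff.get("leftprotoport"), eff.get("rightprotoport")):
            findings += [(name, f"{k}={eff[k]}") for k in ("leftsubnet", "rightsubnet") if k in eff]
            if eff.get("type") != "transport":
                findings.append((name, "type=transport missing"))
    return findings
```

Running lint_l2tp over the real file contents reports each affected conn by name, including settings pulled in through also=, which is how the rightsubnet line reached the L2TP conn here.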

