<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'>I've just installed the 2.4.14 + xl2tpd but I have some problem to get working the XP remote clients.<br>My net arch is:<br><br>openswan 2.4.14 192.168.1.5/24 ----- gw 192.168.1.1/24 ----- public ip : 217.128.239.224<br>--------<br>--------<br>public ip of the client ----- gw 192.168.7.1/24 ---- XP 192.168.7.2/24<br><br>If I try to connect from the lan (just to test my cert/key files), it works. So I'm sure of my certificate.<br><br>I have opened the ports 17 / 1701 / 500 / 4500 on firewall.<br>But when my client connects, I got an error : "remote computer not responding"<br><br>My conf :<br>ipsec.conf<br>version 2.0<br>config setup<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12:%v4:192.168.1.0/24<br> nhelpers=0<br> protostack=klips<br> interfaces="ipsec0=eth0"<br><br>conn %default<br> keyingtries=1<br> compress=yes<br> disablearrivalcheck=no<br> authby=rsasig<br> leftrsasigkey=%cert<br> rightrsasigkey=%cert<br><br>conn roadwarrior<br> type=transport<br> left=192.168.1.116<br> leftnexthop=192.168.1.1<br> leftsubnet=192.168.1.0/24<br> leftcert=integration.pem<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/%any<br> pfs=no<br> auto=add<br><br>conn block<br> auto=ignore<br><br>conn private<br> auto=ignore<br><br>conn private-or-clear<br> auto=ignore<br><br>conn clear-or-private<br> auto=ignore<br><br>conn clear<br> auto=ignore<br><br>conn packetdefault<br> auto=ignore<br><br>xl2tpd.conf<br>[global]<br>port = 1701<br>listen-addr = 192.168.1.116<br><br>[lns default]<br>ip range = 192.168.1.99-192.168.1.101<br>local ip = 192.168.1.117<br>require chap = yes<br>refuse pap = yes<br>require authentication = yes<br>name = OCTIVPN<br>ppp debug = yes<br>pppoptfile = /etc/ppp/options.xl2tpd<br>length bit = yes<br><br>options.xl2tpd<br>ipcp-accept-local<br>ipcp-accept-remote<br>ms-dns 192.168.1.153<br>noccp<br>auth<br>crtscts<br>idle 1800<br>mtu 1410<br>mru 1410<br>nodefaultroute<br>debug<br>lock<br>proxyarp<br>connect-delay 5000<br><br>Any idea to resolve this ?<br><br>Thanks for your helps.<br><br>----- Mail Original -----<br>De: "Paul Wouters" <paul@xelerance.com><br>À: "Reza ISSANY" <issanyr@olympecti.fr><br>Cc: users@openswan.org<br>Envoyé: Samedi 11 Avril 2009 18h29:08 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne<br>Objet: Re: [Openswan Users] openswan + l2tp nat-t doesn't work<br><br>On Sat, 11 Apr 2009, Reza ISSANY wrote:<br><br>> Is somebody make work openswan 2.21 + L2TP with NAT-T ?<br><br>There is not such thing as openswan 2.21. You should use openswan-2.4.14<br>until bug #1004 is addressed in the openswan 2.6.x series if you are using<br>l2tp.<br><br>Paul<br></div></body></html>