[Openswan dev] [Openswan Users] Spam: Re: Spam: Re: WinXp l2tp over ipsec (fwd)

Paul Wouters paul at xelerance.com
Fri Apr 27 10:38:12 EDT 2007



---------- Forwarded message ----------
Date: Fri, 27 Apr 2007 12:55:58 +0100
From: Bill Melotti <Bill.Melotti at cognitomobile.com>
To: Jacco de Leeuw <jacco2 at dds.nl>, users at openswan.org
Subject: Re: [Openswan Users] Spam:  Re: Spam:  Re: WinXp l2tp over ipsec

Jacco

Your comment on KLIPS/PSK issues led me to this bug report

http://bugs.xelerance.com/view.php?id=601

Whether it is linked to PSKs or Certs I don't know but I cannot believe
KLIPS never worked properly, so maybe.

Anyway hand patching this is to the code has now caused my l2tpd to
start responding. Its not working yet, which I suspect is l2tp config
issues, but this has resolved my issue.

Next job is to locate the fix for this bug if anyone has any
suggestions?

Regards

Bill Melotti
Network Operations Manager

V 01635-508200
F 01635-550783
E bill.melotti at cognitomobile.com

Cognito Ltd
Block 4
Benham Valence
Newbury
Berks
RG20  8LU

www.cognitomobile.com



-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl]
Sent: 26 April 2007 17:23
To: Bill Melotti
Subject: Spam: Re: Spam: Re: WinXp l2tp over ipsec


> Reason for address 192.9.100.0 is simply because that is the subnet
> allocated behind the client NAT device (not a 192.168.x.x as strictly
> should be used.

You could run into problems. I see this range is allocated to Sun
Microsystems.

> The comment ref nat traversal at the end are because for whatever
reason
> the version of openswan (2.4.7) does not recognise nat_traversal in
the
> conf file, I have to put it on the command line (discovered this the
> other day, which was big leap forward)

I seem to have missed later attempts in your log which show that a
connection was actually set up. Sorry about that.

I must admit that I have not used KLIPS recently. I mostly use 2.6
kernels. Last time I used KLIPS it did *not* work with PSKs
when NAT-T was involved. Perhaps the Openswan developers have fixed it
by now. Otherwise you might have to switch to certificate
authentication.

Perhaps the problem is in L2TP after all. Could you send me your
l2tpd.conf,
options.l2tpd and the l2tpd log file?

What distribution are you using?

> However there is a question over my version. When I run 'ipsec
> --version' I do not get 'Openswan-2.4.7' even though I have downloaded
> 2.4.7. I get something like 'cvsMar2002_....'

I saw this too with with an old Openswan version when I used KLIPS.
I don't know what this is supposed to mean.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl



This message has been scanned for viruses by MailController -
www.MailController.altohiway.com


NOTICE: Cognito Limited. Benham Valence, Newbury, Berkshire, RG20 8LU.  UK. Company number 02723032
This e-mail message and any attachment is confidential. It may not be disclosed to or used by anyone other than the intended recipient. If you have received this e-mail in error please notify the sender immediately then delete it from your system. Whilst every effort has been made to check this mail is virus free we accept no responsibility for software viruses and you should check for viruses before opening any attachments. Opinions, conclusions and other information in this email and any attachments which do not relate to the official business of the company are neither given by the company nor endorsed by it.


This message has been scanned for viruses by Mail Controller - www.MailController.altohiway.com
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Dev mailing list