[Openswan Users] Openswan/L2TP Windows Roadwarrior setup

Jacco de Leeuw jacco2 at dds.nl
Sun Aug 1 10:55:53 CEST 2004


Eric Anderson wrote:

> pretty sketchy on the settings so I am guessing that is where I have 
> things wrong but the docs and man pages seem so cryptic to me I can't 
> quite understand what I need to change.

There are also commercial L2TP/IPsec offerings:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#ServerswithL2TPIPsec

And there are alternatives such as PPTP and plain IPsec.

> Starting Openswan IPsec cvs2002Mar11_19:19:03...
> Openswan IPsec version: openswan-2.1.4-15.rhfc1.at

cvs2002? But 2.1.4 is the current version. Odd...

> Jul 29 17:18:48 nogo pluto[15983]: "L2TP-PSK-orgWIN2KXP"[2] 65.6.P.Q #2:
> cannot respond to IPsec SA request because no connection is known for
> 65.83.X.Y[S=C]:17/0...65.6.P.Q[192.168.0.111,S=C]:17/1701===192.168.0.111/32
>
> The remote client is sitting behind NAT so its actual address is 192.168.0.111

The NAT is the problem.

- Currently you can't use NAT-T with a PSK. Certificates are recommended.
- nat_traversal=yes should be added
   (Jul 31 18:05:01 including NAT-Traversal patch (Version 0.6c) [disabled])
- Your Windows box does not have the NAT-T update (Q818043).
   (as indicated by the :17/0 in the "no connection is known" error).
- I'm not sure if the FC1 kernel RPMS from atrpms.net support NAT-T in
   Transport Mode.

See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#NAT

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
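
An added example (not part of the original message and not Openswan code): a small Python triage script for the pluto "no connection is known" line quoted above. It flags a private address in the bracketed ID that differs from the outer peer address, as with the NATed client here, and the `:17/0` protocol/port pair that the reply ties to the missing NAT-T update. The finding names and the reading of the bracketed field as a list of items are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the pluto line quoted in the post, rejoined onto one line.
# Addresses stay masked (X.Y, P.Q) as in the original message.
SAMPLE = ('Jul 29 17:18:48 nogo pluto[15983]: "L2TP-PSK-orgWIN2KXP"[2] 65.6.P.Q #2: '
          'cannot respond to IPsec SA request because no connection is known for '
          '65.83.X.Y[S=C]:17/0...65.6.P.Q[192.168.0.111,S=C]:17/1701===192.168.0.111/32')

END = re.compile(r'^(?P<host>[^\[:]+)(?:\[(?P<attrs>[^\]]*)\])?'
                 r'(?::(?P<proto>\d+)/(?P<port>\d+))?$')

def parse_end(text, side):
    """Split one side of 'A...B' into host, bracket items, proto/port, client net."""
    client = None
    if '===' in text:  # client subnet is written outside the host on either side
        a, b = text.split('===', 1)
        client, text = (a, b) if side == 'left' else (b, a)
    m = END.match(text)
    if not m:
        raise ValueError('unrecognised endpoint: ' + text)
    end = m.groupdict()
    end['attrs'] = end['attrs'].split(',') if end['attrs'] else []
    end['client'] = client
    return end

def private_id(end):
    """Return a private IP inside the brackets that differs from the outer host."""
    for item in end['attrs']:
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            continue  # items such as S=C are not addresses
        if ip.is_private and item != end['host']:
            return item
    return None

def diagnose(line):
    """Return finding codes for a 'no connection is known for' line, else None."""
    marker = 'no connection is known for '
    if marker not in line:
        return None
    left, right = line.split(marker, 1)[1].strip().split('...', 1)
    ends = [parse_end(left, 'left'), parse_end(right, 'right')]
    findings = []
    if any(private_id(e) for e in ends):
        findings.append('peer-behind-nat')
    if any(e['proto'] == '17' and e['port'] == '0' for e in ends):
        findings.append('udp-port-0')  # the ":17/0" the reply points at
    return findings
```

Calling `diagnose(SAMPLE)` returns both findings for the line from this thread; lines without the "no connection is known for" text return `None`.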

