[Openswan Users] Openswan/L2TP Windows Roadwarrier setup
Jacco de Leeuw
jacco2 at dds.nl
Sun Aug 1 10:55:53 CEST 2004
Eric Anderson wrote:
> pretty sketchy on the settings so I am guessing that is where I have
> things wrong but the docs and man pages seem so cryptic to me I can't
> quite understand what I need to change.
There are also commercial L2TP/IPsec offerings:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#ServerswithL2TPIPsec
And there are alternatives such as PPTP and plain IPsec.
> Starting Openswan IPsec cvs2002Mar11_19:19:03...
> Openswan IPsec version: openswan-2.1.4-15.rhfc1.at
cvs2002? But 2.1.4 is the current version. Odd...
> Jul 29 17:18:48 nogo pluto[15983]: "L2TP-PSK-orgWIN2KXP"[2] 65.6.P.Q #2:
> cannot respond to IPsec SA request because no connection is known for
> 65.83.X.Y[S=C]:17/0...65.6.P.Q[192.168.0.111,S=C]:17/1701===192.168.0.111/32
> The remote client is sitting behind NAT so its actual address is 192.168.0.111
The NAT is the problem.
- Currently you can't use NAT-T with a PSK. Certificates are recommended.
- nat_traversal=yes should be added
  (Jul 31 18:05:01 including NAT-Traversal patch (Version 0.6c) [disabled])
- Your Windows box does not have the NAT-T update (Q818043).
  (as indicated by the :17/0 in the "no connection is known" error).
- I'm not sure if the FC1 kernel RPMS from atrpms.net support NAT-T in
  Transport Mode.
See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#NAT
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
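
Added example, not part of the original message and not Openswan code: a small triage script that applies the checks from the reply above to pluto log lines. The sample lines are constructed in the format quoted in the thread; the hostname, PID, addresses, and the names triage, is_private_ip and the finding codes are assumptions made for this example.

```python
import ipaddress
import re

# One end of pluto's "A...B" description: address, optional [id,flags], :protocol/port.
END = r"(?P<{0}addr>[^\[\s:]+)(?:\[(?P<{0}id>[^\]]*)\])?:(?P<{0}proto>\d+)/(?P<{0}port>\d+)"
NO_CONN = re.compile(r"no connection is known for\s+" + END.format("a") + r"\.\.\." + END.format("b"))
BANNER = re.compile(r"including NAT-Traversal patch \(Version [^)]*\) \[(\w+)\]")

# Constructed sample lines; hostname, PID and addresses (RFC 5737 documentation
# ranges) are made up for this example.
SAMPLE = [
    "Jul 31 18:05:01 gw pluto[1234]: including NAT-Traversal patch (Version 0.6c) [disabled]",
    'Jul 29 17:18:48 gw pluto[1234]: "L2TP-PSK-orgWIN2KXP"[2] 198.51.100.7 #2: cannot respond to '
    "IPsec SA request because no connection is known for "
    "203.0.113.10[S=C]:17/0...198.51.100.7[192.168.0.111,S=C]:17/1701===192.168.0.111/32",
]

def is_private_ip(text):
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:  # the ID is not an IP address (e.g. only flags such as S=C)
        return False

def triage(lines):
    """Return (code, detail) findings, following the reading given in the reply."""
    findings = []
    for line in lines:
        banner = BANNER.search(line)
        if banner and banner.group(1) == "disabled":
            findings.append(("NATT_DISABLED", "add nat_traversal=yes"))
        m = NO_CONN.search(line)
        if not m:
            continue
        # First field of the peer's [..] block is its ID; behind NAT it is the inner address.
        peer_id = (m.group("bid") or "").split(",")[0]
        if peer_id != m.group("baddr") and is_private_ip(peer_id):
            findings.append(("PEER_BEHIND_NAT", f"{m.group('baddr')} hides {peer_id}"))
        # The reply reads :17/0 as a Windows client without the NAT-T update.
        if (m.group("aproto"), m.group("aport")) == ("17", "0"):
            findings.append(("CLIENT_LACKS_NATT_UPDATE", "proposal is 17/0; see Q818043"))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(code, "-", detail)
```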