[Openswan Users] openswan 2.2.0 and pocket pc 2003

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Tue Dec 28 08:26:59 CET 2004


On Mon, 27 December 2004 18:18, you wrote:
> Tom wrote:
> > Has anyone managed to connect a pocket pc 2003 to the openswan server via
> > L2TP/IPSec?
>
> Yes, I did. (With the Pocket PC emulator, that is).
>
> > I have configured the server and windows xp clients
> > (roadwarriors) are able to connect to (ppp authentication is CHAP only),
>
> Pocket PC 2003 only supports MS-CHAPv1 and v2. Make sure you use pppd 2.4.2
> or higher and add "require-chapms-v2" to /etc/ppp/options.l2tpd.

I haven't used pppd 2.4.2 yet, because I thought it was the l2tp problem, not 
pppd's. Shouldn't an l2tp session be established first, and after that ppp 
connection over the l2tp session? Am I wrong? (this is the reason I've 
searched a problem in the l2tp layer only, but it is my mistake maybe...)

Anyway, I'll try to configure newer pppd daemon to support ms-chap.

> > no matter they are behind NAT or not. This works fine.
> > But I am not able to connect a pocket pc 2003 client. I have even managed
> > to import certificates (my CA and client cert + private key, so I don't
> > use PSK), but connection fails during the l2tp establishment.
>
> Perhaps it is easier to start with a PSK and without NAT-T.

I don't think so :) I spent a lot of weeks to understand and configure vpn 
access for xp roadwarriors (NATed or NOT NATed) with certificates, and it 
works! Pocket pc is just another client, and it connects from behind NAT, so 
I must use NAT-T anyway. I managed to import certificates to the PPC thanks 
to your GREAT tutorials and tools! And like I said, as the PPC tried to 
connect, the SA was established every time as I could see in the auth.log; 
the l2tp layer failed...

> > It seems a client tries to establish an l2tp session on and on,
> > but the l2tp daemon cannot establish the connection (in the daemon.log:
> >  'control_finish: Peer requested tunnel 3 twice, ignoring second one.'
> > and later: 'control_xmit: Maximum retries exceeded for tunnel 52239. 
> > Closing.') I've pasted a part of the log at the end of my message.
>
> The problem is not likely to be in L2TP but rather in PPP or IPsec. Have
> you checked pppd's log messages? Are there any Openswan error messages?

As 'normal' xp client connects, the l2tp daemon runs pppd. I can see in the 
daemon.log:

Dec 27 21:59:02 guardian l2tpd[20569]: start_pppd: I'm running:
Dec 27 21:59:02 guardian l2tpd[20569]: "/usr/sbin/pppd"

But when the PPC connects I cannot see anything about pppd in the log, so I 
thought it was the l2tp problem only. But I'll try with newer pppd like I 
said.

> > Can anyone help me, please? I haven't googled anything about this issue.
>
> Did you read this page?
> http://www.jacco2.dds.nl/networking/freeswan-pocketpc.html

Of course I read! You had written the BEST tutorials I managed to find in the 
web!!! I would probably spend a month or two more (or even more :) ) to get 
to this point without them! YOU DID A REALLY GREAT WORK!

> Jacco

Tomek