[Openswan Users] Problem with connection road

Jacco de Leeuw jacco2 at dds.nl
Tue Jul 20 17:19:04 CEST 2004


Salvatore Basso wrote:

> Error 792: Try to connection L2TP not succeed. Time worn
> out for protection negotiation

That's a fairly generic timeout message. You will have to check
OAKLEY.LOG and/or PPP.LOG. See also:
  http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Troubleshooting

>>I don't think you should allow L2TP in when it is not protected by IPsec.
> 
> ..therefore I can then not use ??

I think you misunderstand how L2TP-over-IPsec works. You can use L2TP,
as long as it is tunnelled (protected) within IPsec. Plain L2TP is
not secure. On the external interface you should never see UDP
port 1701 open (check with nmap or so).

> are you useless ??

Ehm?

> ... sorry for my translate !! :)

Oh, I see.  Alright then...

> conn left-road
>     auto=start
>     authby=secret

You can't use PSK with Transport Mode and NAT. Switch to certificates.
auto=add is also recommended for Road Warrior connections.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
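
Added example (not part of the message above and not Openswan code): a small ipsec.conf check for the two settings the reply objects to, PSK on a transport-mode conn where NAT is in play and auto=start on a Road Warrior conn. The sample file is constructed; `nat_traversal=yes` is taken as the sign that clients may be behind NAT, and `type=transport` and `right=%any` are assumptions, since the quoted conn shows only `auto` and `authby`.

```python
import re

# Constructed sample. Only auto=start and authby=secret come from the quoted
# conn; nat_traversal, type and right=%any are assumed for illustration.
SAMPLE = """\
config setup
    nat_traversal=yes

conn left-road
    right=%any
    type=transport
    auto=start
    authby=secret

conn road-cert
    right=%any
    type=transport
    auto=add
    authby=rsasig
"""

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} (no also= handling)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts in column 0
            current = sections.setdefault(" ".join(line.split()[:2]), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint(text):
    """Return (conn, message) pairs for the two settings the reply flags."""
    sections = parse_ipsec_conf(text)
    nat_t = sections.get("config setup", {}).get("nat_traversal") == "yes"
    findings = []
    for name, opts in sections.items():
        if not name.startswith("conn "):
            continue
        road = "%any" in (opts.get("left"), opts.get("right"))
        if nat_t and opts.get("authby") == "secret" and opts.get("type") == "transport":
            findings.append((name, "PSK with transport mode and NAT: use certificates"))
        if road and opts.get("auto") == "start":
            findings.append((name, "auto=start on a Road Warrior conn: use auto=add"))
    return findings
```

`lint(SAMPLE)` reports both findings for `conn left-road` and none for `conn road-cert`.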
