[Openswan Users] Problem with connection road
Jacco de Leeuw
jacco2 at dds.nl
Tue Jul 20 17:19:04 CEST 2004
Salvatore Basso wrote:
> Error 792: Try to connection L2TP not succeed. Time worn
> out for protection negotiation
That's a fairly generic timeout message. You will have to check
OAKLEY.LOG and/or PPP.LOG. See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Troubleshooting
>>I don't think you should allow L2TP in when it is not protected by IPsec.
>
> ..therefore I can then not use ??
I think you misunderstand how L2TP-over-IPsec works. You can use L2TP,
as long as it is tunnelled (protected) within IPsec. Plain L2TP is
not secure. On the external interface you should never see UDP
port 1701 open (check with nmap or so).
> are you useless ??
Ehm?
> ... sorry for my translate !! :)
Oh, I see. Alright then...
> conn left-road
> auto=start
> authby=secret
You can't use PSK with Transport Mode and NAT. Switch to certificates.
auto=add is also recommended for Road Warrior connections.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list