[Openswan Users] Re: Windows2k/XP L2TP/IPSec client

Trevor Benson tbenson at a-1networks.com
Sun Mar 7 10:24:30 CET 2004


Yeah it is all resolved. Nate direct mailed me and I had missed a few
pieces after rebuilding a few times.  Works wonderfully.

Thanks to you Jacco, Nate, and Martin Koeppe for the wonderful howto's.
MS Clients can also give Error 792: (L2TP connection errors) from having
a leftsubnet, or missing protoports.  Seems the Microsoft client skips
past ipsec related errors even before the ipsec tunnel is completed and
traffic is allowed to the MS server.

Trevor

> -----Original Message-----
> From: users-bounces at lists.openswan.org [mailto:users-
> bounces at lists.openswan.org] On Behalf Of Jacco de Leeuw
> Sent: Sunday, March 07, 2004 2:50 AM
> To: users at lists.openswan.org
> Subject: [Openswan Users] Re: Windows2k/XP L2TP/IPSec client
> 
> Trevor Benson wrote:
> 
> > First off If there is a simpler way to assign DHCP LAN address to a
> > Windows XP RoadWarrior AND/OR allow domain authentication for
windows
> > clients PLEASE let me know ;).
> 
> PPTP might be simpler (no certs required) but not necessarily more
secure.
> 
> > conn Roadwarrior02
> >
> >         left=64.142.54.112
> >         leftnexthop=%defaultroute
> >         leftsubnet=192.168.169.0/255.255.255.0
> 
> You need to remove the leftsubnet line. It is L2TP that provides
> access to the subnet.
> 
> >         leftcert=/var/ipcop/certs/hostcert.pem
> >         right=0.0.0.0
> 
> right=%any is probably more meaningful here.
> 
> And you also need
> 
> > leftprotoport=17/0
> > rightprotoport=17/1701
> 
> as Nate Carlson already pointed out.
> 
> Jacco
> --
> Jacco de Leeuw
> mailto:jacco2 at dds.nl    How to deal with Windows problems:
> http://www.jacco2.dds.nl  - Is it a small problem? Reboot.
> Zaandam, the Netherlands  - Is it a big problem? Reinstall.
> 
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users




More information about the Users mailing list