[Openswan Users] Re: Windows2k/XP L2TP/IPSec client
Trevor Benson
tbenson at a-1networks.com
Sun Mar 7 10:24:30 CET 2004
Yeah it is all resolved. Nate direct mailed me and I had missed a few
pieces after rebuilding a few times. Works wonderfully.
Thanks to you Jacco, Nate, and Martin Koeppe for the wonderful howto's.
MS Clients can also give Error 792: (L2TP connection errors) from having
a leftsubnet, or missing protoports. Seems the Microsoft client skips
past ipsec related errors even before the ipsec tunnel is completed and
traffic is allowed to the MS server.
Trevor
> -----Original Message-----
> From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of Jacco de Leeuw
> Sent: Sunday, March 07, 2004 2:50 AM
> To: users at lists.openswan.org
> Subject: [Openswan Users] Re: Windows2k/XP L2TP/IPSec client
>
> Trevor Benson wrote:
>
> > First off If there is a simpler way to assign DHCP LAN address to a
> > Windows XP RoadWarrior AND/OR allow domain authentication for windows
> > clients PLEASE let me know ;).
>
> PPTP might be simpler (no certs required) but not necessarily more secure.
>
> > conn Roadwarrior02
> >
> > left=64.142.54.112
> > leftnexthop=%defaultroute
> > leftsubnet=192.168.169.0/255.255.255.0
>
> You need to remove the leftsubnet line. It is L2TP that provides
> access to the subnet.
>
> > leftcert=/var/ipcop/certs/hostcert.pem
> > right=0.0.0.0
>
> right=%any is probably more meaningful here.
>
> And you also need
>
> > leftprotoport=17/0
> > rightprotoport=17/1701
>
> as Nate Carlson already pointed out.
>
> Jacco
> --
> Jacco de Leeuw
> mailto:jacco2 at dds.nl How to deal with Windows problems:
> http://www.jacco2.dds.nl - Is it a small problem? Reboot.
> Zaandam, the Netherlands - Is it a big problem? Reinstall.
>
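As an added example (not code from this thread or from the Openswan project), a small Python lint that applies the corrections discussed in this message to `conn` sections meant for L2TP/IPsec clients. The sample configuration is constructed from the connection quoted above; the function names, and treating blank lines inside a section as ignorable, are assumptions of the example.

```python
import re

# Constructed sample: the quoted connection, then a variant with the fixes applied.
SAMPLE = """\
conn Roadwarrior02
    left=64.142.54.112
    leftnexthop=%defaultroute
    leftsubnet=192.168.169.0/255.255.255.0
    leftcert=/var/ipcop/certs/hostcert.pem
    right=0.0.0.0

conn Roadwarrior02-fixed
    left=64.142.54.112
    leftcert=/var/ipcop/certs/hostcert.pem
    right=%any
    leftprotoport=17/0
    rightprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; indented key=value lines join the last 'conn'."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue                            # assumption: blank lines are ignored
        header = re.match(r"^conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                      # another section type, e.g. "config setup"
    return conns

def lint_l2tp_conn(params):
    """Check one conn against the three corrections given in the thread."""
    findings = []
    if "leftsubnet" in params:
        findings.append("remove leftsubnet: L2TP provides access to the subnet")
    for key in ("leftprotoport", "rightprotoport"):
        if not params.get(key, "").startswith("17/"):
            findings.append(f"missing {key} (UDP is protocol 17)")
    if params.get("right") == "0.0.0.0":
        findings.append("right=0.0.0.0: right=%any is more meaningful")
    return findings

def lint(text):
    return {name: lint_l2tp_conn(p) for name, p in parse_conns(text).items()}
```

Calling `lint(SAMPLE)` returns a dictionary keyed by connection name, with an empty list for a section that needs none of the changes.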