[Openswan Users] WinXP and "cannot respond to IPsec"
Paul Wouters
paul at xelerance.com
Wed Mar 10 13:51:54 CET 2004
On Wed, 10 Mar 2004, Dennis Leist wrote:
> I need to set up a VPN-Server located behind a Speed Touch Router. Its
> IP is static.
This in itself is a problem. A VPN server should not be behind NAT, because
only one of two parties can be behind NAT, not both. And your clients will
be behind NAT.
> The linux box is currently running under SUSE 9.0 with
> freeswan-2.04_1.4.8-12.
>
> /---------------\        /---------------\        /---------------\              /---------------\
> | Linux 2.4.19  |        | Speed Touch   |        | w-Lan Router  |              | WINX XP       |
> | 192.168.0.70  |<-------| 192.168.0.1   |<-------| WAN-IP:       |<-------------| W-LAN-IP:     |
> |               |        | 62.3.4.5      |        | 80.129.5.6    |              | 192.168.1.10  |
> \---------------/        \---------------/        \---------------/              \---------------/
I would recommend changing the configuration of the speedtouch to "single computer"
mode, so that the Linux VPN server actually does the PPTP. Then the Linux machine
actually gets the IP 62.3.4.5.
Even with that change, you need to have NAT-T support. I don't think your kernel has it,
and I can tell your ipsec.conf doesn't have it.
Using whatever ipsec passthrough option/port forwarding is going to make this a lot
harder (as in orders of magnitude).
Paul