[Openswan Users] WinXP and "cannot respond to IPsec"

Alexander Samad alex at samad.com.au
Wed Mar 10 23:53:56 CET 2004


On Wed, Mar 10, 2004 at 01:51:54PM +0100, Paul Wouters wrote:
> On Wed, 10 Mar 2004, Dennis Leist wrote:
> 
> > I need to set up a VPN-Server located behind a Speed Touch Router. Its
> > IP is static.
> 
> This in itself is a problem. A VPN server should not be behind NAT. Because
> only one of two parties can be behind NAT, not both. And your clients will
> be behind NAT.
>  
> > The linux box is currently running under SUSE 9.0 with 
> > freeswan-2.04_1.4.8-12.
> > 
> > /---------------\        /---------------\        /---------------\              /---------------\
> > | Linux 2.4.19  |        |  Speed Touch  |        | w-Lan Router  |              | WIN XP        |
> > | 192.168.0.70  |<-------|  192.168.0.1  |<-------| WAN-IP:       |<-------------| W-LAN-IP:     |
> > |               |        |  62.3.4.5     |        | 80.129.5.6    |              | 192.168.1.10  |
> > \---------------/        \---------------/        \---------------/              \---------------/
> 
> I would recommend changing the configuration of the speedtouch in "single computer"
> mode, so that the linux vpn server actually does the PPTP. Then the Linux machine
> actually gets the ip 62.3.4.5

Why not put the speed touch in bridge mode and firewall at the linux box
as well at the vpn head end!

> 
> Even with that change, you need to have NAT-T support. I don't think your kernel has it,
> and I can tell your ipsec.conf doesn't have it.
> 
> Using whatever ipsec passthrough option/port forwarding is going to make this a lot
> harder. (as in orders of magnitude)
> 
> Paul 
> 
> 
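An added example (not part of the original thread, and not Openswan project code): a small Python check for the ipsec.conf half of the NAT-T requirement Paul raises above. It assumes the Openswan-style `nat_traversal=yes` parameter in `config setup`; the sample file is constructed for illustration, and kernel NAT-T support has to be verified separately.

```python
# Added example: checks an Openswan-style ipsec.conf for NAT-T being enabled.
# SAMPLE_CONF is constructed for illustration; it is not the poster's file.
SAMPLE_CONF = """\
version 2.0

config setup
    interfaces=%defaultroute
    # nat_traversal=yes   (commented out, so not active)

conn roadwarrior
    left=192.168.0.70
    right=%any
    nat_traversal=yes
    auto=add
"""

def parse_ipsec_conf(text):
    """Return {(type, name): {param: value}} for 'config' and 'conn' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()    # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                # section headers start in column 0
            words = line.split()
            current = None
            if len(words) == 2 and words[0] in ("config", "conn"):
                current = sections.setdefault((words[0], words[1]), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def audit_nat_t(text):
    """Return a list of findings; an empty list means NAT-T is enabled."""
    sections = parse_ipsec_conf(text)
    findings = []
    setup = sections.get(("config", "setup"), {})
    if setup.get("nat_traversal", "no").lower() != "yes":
        findings.append("config setup: nat_traversal=yes is not set")
    for (kind, name), params in sections.items():
        if kind == "conn" and "nat_traversal" in params:
            findings.append(f"conn {name}: nat_traversal belongs in config setup")
    return findings

if __name__ == "__main__":
    for finding in audit_nat_t(SAMPLE_CONF):
        print(finding)
```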

