[Openswan Users] freeswan-1.99: cannot respond to IPsec SA

Jacco de Leeuw jacco2 at dds.nl
Mon Mar 29 23:49:50 CEST 2004


Dennis Leist wrote:

> vpnserver pluto[27464]: "w2k-client"[5] 213.39.182.221 #3: only 
> OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute 
> OAKLEY_GROUP_DESCRIPTION

Is this with XP or W2K? If it is the latter, then you need to install
at least Service Pack 2 to upgrade the encryption strength. I was
going to ask if you had disabled PFS but since you are using L2TP
over IPsec I assume you used the New Connection Wizard, which
disables PFS by default.

> I'd like to use options number 2 ;-) cause I tried Marcus Mueller'S 
> ipsec.exe - it didn't do anything!

With ipsec.exe the connection is started only when there is traffic
(e.g. when you ping the remote network).

> Which option is used to activate NAT-T on the server?

nat_traversal=yes

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl



More information about the Users mailing list