[Openswan Users] no connection is known for...

Mark Frost mfrost at westnet.com
Sun May 23 01:20:30 CEST 2004


Hmmm.  I just ran a tcpdump on the OpenSwan gateway and after I start 
the XP side, I see lots of

00:09:47.142305 IP X.X.X.X > Y.Y.Y.Y: icmp 348: X.X.X.X udp port 500 unreachable
00:09:48.554227 IP Y.Y.Y.Y.500 > X.X.X.X.500: isakmp: phase 1 I ident

again,
where
X.X.X.X = public/external address of OpenSwan gateway
Y.Y.Y.Y = public/external address of local Linksys router (WinXP client end)

So if I'm reading this right, the OpenSwan gateway is not able to send 
UDP packets to port 500 on my Linksys router.  It's not clear to me how 
I can tell why -- is it my ISP, or is it my Linksys box somehow?

I am not currently trying to make L2TP work.  The instructions I've been 
going through on Jacco de Leeuw's web site talk about getting the 
OpenSwan part working first, then once that's going, messing with L2TP. 
<http://www.jacco2.dds.nl/contact/index.html>

Thanks

Mark

Juha Pietikäinen wrote:

>Hi,
>
>according to your secure log, an IPsec connection is now established. I guess
>that you might have some kind of problem with upper layer protocols (UDP or
>L2TP).
>
>Have you tried to capture network traffic with Ethereal or tcpdump from your
>linux server?
>
>Is there any L2TP traffic between your remote Windows XP host and your Linux
>server?
>
>It seems that my own ADSL router doesn't directly support ESP
>transport mode, which is needed by Windows XP's L2TP/IPsec client (my
>previous messages handle this issue).  I am waiting for new firmware and I
>hope that it will fix the problem with my router.
>
>It may be that you might also have problems with your ADSL-router. I have
>incorrect checksum errors with incoming UDP packets which contain L2TP
>packets inside. Packets are rejected due to checksum errors generated in
>ADSL-router.
>
>I have managed to get an L2TP/IPsec connection working only in a LAN environment.
>
>
>Juha Pietikäinen