[Openswan Users] WinXP SP2: incomplete ISAKMP SA but certs are imported properly

Dennis Leist dl at byteeffect.de
Wed Nov 24 23:34:21 CET 2004


Jacco de Leeuw wrote:

>
> Dennis wrote:
>
>> Kernel : 2.6.5-7.75 on SuSE 9.1. NAT-T support ist installed and 
>> works nicely with a  NATed w2k-client.
>
>
> I have not done extensive NAT-T testing on 26sec yet (incl. SuSE 9.1).
> I'm happy to hear that it works for Windows 2000 clients. Are you using
> l2tpd or rp-l2tp?

I use l2ptd.
But as far as I can see, no negotiation on this level starts, because 
the Peer ID never reaches the vpn-gateway.

>
>>        leftprotoport=17/0
>>        rightprotoport=17/1701
>
>
> Seems to me that this should be leftprotoport=17/1701 when the NAT-T 
> update
> Q818043 or XP SP2 has been installed on the Windows client.

leftprotoport=17/0
is well working with SP2 or Q818043 installed, but I will check that. ;-)

Dennis


More information about the Users mailing list