[Openswan Users] WinXP SP2: incomplete ISAKMP SA but certs are
imported properly
Dennis Leist
dl at byteeffect.de
Wed Nov 24 23:34:21 CET 2004
Jacco de Leeuw wrote:
>
> Dennis wrote:
>
>> Kernel : 2.6.5-7.75 on SuSE 9.1. NAT-T support ist installed and
>> works nicely with a NATed w2k-client.
>
>
> I have not done extensive NAT-T testing on 26sec yet (incl. SuSE 9.1).
> I'm happy to hear that it works for Windows 2000 clients. Are you using
> l2tpd or rp-l2tp?
I use l2ptd.
But as far as I can see, no negotiation on this level starts, because
the Peer ID never reaches the vpn-gateway.
>
>> leftprotoport=17/0
>> rightprotoport=17/1701
>
>
> Seems to me that this should be leftprotoport=17/1701 when the NAT-T
> update
> Q818043 or XP SP2 has been installed on the Windows client.
leftprotoport=17/0
is well working with SP2 or Q818043 installed, but I will check that. ;-)
Dennis
More information about the Users
mailing list