[Openswan Users] Access (routing) problems

Jacco de Leeuw jacco2 at dds.nl
Mon Oct 18 18:20:56 CEST 2004

Damir Dezeljin wrote:

>> I'm trying to configure OpenSWan as an IPSec L2TP VPN gateway for my
>> road-warriors. They will mostly access my network from NAT-ed networks
>> using WinXP build in IPSec / L2TP client.
> Now if I try to connect, the IPSec tunnel is build sucesfully, however
> nothing is going to the L2TPd daemon.
>>conn winxp
>>  compress=yes

Windows does not support IPcomp compression. I don't think it will get
confused if Openswan proposes compression, but it certainly will not be

>>  leftprotoport=17/0
 >> pluto[23102]: packet from ignoring Vendor ID payload
 >> [MS NT5 ISAKMPOAKLEY 00000003]

Seems that you did not install the NAT-T update on the Windows client.
You also need to use leftprotocolport=17/1701

 > BTW: Is it correct that 'leftsubnet' is not defined (empty)? Because if I
 > add it, even the first part (IPSec negotiation) fails?

Yes. IPsec in Transport Mode is basically point-to-point, the L2TP part
does the subnet thing.

 > I can't understand why my iptables rules doesn't display any package
 > comming from ipsec0 as tcpdump does.
 > iptables rule:
 > ----
 > iptables -I INPUT 1 -i ipsec0 -j LOG --log-level info \
 >   --log-prefix "[IPSEC] "
 > ----

Don't know, but check the troubleshooting section:

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list