[Openswan Users] Access (routing) problems
Jacco de Leeuw
jacco2 at dds.nl
Mon Oct 18 18:20:56 CEST 2004
Damir Dezeljin wrote:
>> I'm trying to configure OpenSWan as an IPSec L2TP VPN gateway for my
>> road-warriors. They will mostly access my network from NAT-ed networks
>> using the WinXP built-in IPSec / L2TP client.
>
> Now if I try to connect, the IPSec tunnel is built successfully, however
> nothing is going to the L2TPd daemon.
>
>>conn winxp
>> compress=yes
Windows does not support IPcomp compression. I don't think it will get
confused if Openswan proposes compression, but it certainly will not be
accepted.
>> leftprotoport=17/0
>> pluto[23102]: packet from 193.88.99.33:500: ignoring Vendor ID payload
>> [MS NT5 ISAKMPOAKLEY 00000003]
Seems that you did not install the NAT-T update on the Windows client.
You also need to use leftprotoport=17/1701
> BTW: Is it correct that 'leftsubnet' is not defined (empty)? Because if I
> add it, even the first part (IPSec negotiation) fails?
Yes. IPsec in Transport Mode is basically point-to-point, the L2TP part
does the subnet thing.
> I can't understand why my iptables rules don't display any package
> coming from ipsec0 as tcpdump does.
>
> iptables rule:
> ----
> iptables -I INPUT 1 -i ipsec0 -j LOG --log-level info \
> --log-prefix "[IPSEC] "
> ----
Don't know, but check the troubleshooting section:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Troubleshooting
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
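
Added example, not part of the original message or of Openswan: a small Python check that lints an ipsec.conf conn section against the three points made in the reply above (IPComp proposed to Windows, the protoport value, leftsubnet on a transport-mode L2TP conn). The function names and the sample config are constructed for illustration, and the protoport check is an exact string match.

```python
# Added example: lint ipsec.conf "conn" sections for the L2TP/IPsec issues
# discussed in this thread. Names and sample input are illustrative.

SAMPLE = """\
# constructed sample, modelled on the fragment quoted in the thread
conn winxp
    compress=yes
    leftprotoport=17/0
    leftsubnet=192.168.1.0/24

conn winxp-fixed
    leftprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_l2tp_conn(params):
    """Return a list of findings for one conn meant for Windows L2TP clients."""
    findings = []
    if params.get("compress", "no").lower() == "yes":
        findings.append("compress=yes: Windows does not support IPComp, "
                        "so the proposal will not be accepted")
    if params.get("leftprotoport") != "17/1701":
        findings.append("leftprotoport=%s: use 17/1701 (UDP, L2TP port)"
                        % params.get("leftprotoport"))
    if "leftsubnet" in params:
        findings.append("leftsubnet is set: transport mode is point-to-point, "
                        "the L2TP layer provides access to the subnet")
    return findings

if __name__ == "__main__":
    for name, params in parse_conns(SAMPLE).items():
        for finding in lint_l2tp_conn(params) or ["ok"]:
            print("conn %s: %s" % (name, finding))
```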