[Openswan Users] problem when used openswan,can you help me.thanks

=?gb2312?B?zMbd7cDZ?= a1406 at 163.com
Thu Apr 21 10:31:29 CEST 2005


First, I am very sorry for my poor English.
I want to use openswan to build a VPN between computer A (WIN98, L2TP, 192.168.0.67) and computer B (Linux Red Hat 8, kernel 2.4, openswan, 192.168.0.68).

The ipsec.conf is like this:
conn test
	left=192.168.0.67
	right=192.168.0.68
	encrypt=yes
	authby=secret
	pfs=no
	leftprotoport=17/1701
	rightprotoport=17/1701
	auto=add

The ipsec.secret is like this:
192.168.0.67 192.168.0.68: PSK "123456789"

The chap-secrets is like this:
tpl * "123456789" 192.168.0.67

The l2tpd.conf is like this:
[global]
 listen-addr = 192.168.0.68
[lns default]
ip range = 192.168.0.67
local ip = 192.168.0.68
require chap = yes
refuse pap = no
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

The options.l2tpd is like this:
ipcp-accept-local
ipcp-accept-remote
ms-dns  192.168.1.1
ms-dns  192.168.1.3
ms-wins 192.168.1.2
ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

When I used computer A (Win98) to connect to computer B, /var/log/secure showed: IPsec SA established {ESP=>0xd0612df2 <0x7c8f934d xfrm=3DES_0-HMAC_SHA1}
But computer A showed that the connection failed, and the two computers could not ping each other at that point; before the connection attempt they could ping each other successfully.
The log on computer A also showed IPsec SA established.
I do not know why, but I found that tcpdump on computer B showed "192.168.0.68 > 192.168.0.67   192.168.0.68 l2tp port unreachable".
So I ran "iptables -F" on computer B, but the problem is the same.

Can you help me? Thanks very much!