[Openswan Users] Openswan + L2TP
Paul Wouters
paul at xelerance.com
Wed Aug 10 23:56:40 CEST 2005
On Wed, 10 Aug 2005, Marcos Ferreira da Silva wrote:
> conn roadwarrior-net
>     leftsubnet=192.168.99.0/255.255.255.0
>     also=roadwarrior
>
> conn roadwarrior-all
>     leftsubnet=0.0.0.0/0
>     also=roadwarrior
>
> conn roadwarrior-l2tp
>     leftprotoport=17/1701
>     rightprotoport=17/1701
>     also=roadwarrior
>
> conn roadwarrior-l2tp-oldwin
>     leftprotoport=17/0
>     rightprotoport=17/1701
>     also=roadwarrior
>
> conn roadwarrior
>     left=192.168.1.1
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     auto=add
>     pfs=yes
Unfortunately, this will not work. Openswan cannot properly pick the right
connection for the incoming IKE requests, even if some of them are transport
mode instead of tunnel mode. Either do L2TP or non-L2TP, or add an IP address
so the left= becomes the parameter Openswan can choose the connections from.
> I configure the VPN Client on winXP to connect to 192.168.1.1, but there is
> no L2TP service at this address.
Either run L2TP while listening to ANY address, or port forward port 1701.
See Jacco de Leeuw's pages on how to set up L2TP.
Paul
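
A lint for the problem described in the reply above, as an added example that is not part of the original post or of Openswan's code: it resolves also= inheritance and flags loaded conns that share one left/right pair while mixing L2TP (protoport 17/...) and non-L2TP definitions. The grouping rule is a simplified model of the advice in the reply, and SAMPLE is a constructed, trimmed copy of the quoted configuration.

```python
# Simplified lint, not Openswan's selection code; SAMPLE is constructed (trimmed).
SAMPLE = """\
conn roadwarrior-net
    leftsubnet=192.168.99.0/255.255.255.0
    also=roadwarrior
conn roadwarrior-l2tp
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior-l2tp-oldwin
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior
    left=192.168.1.1
    right=%any
    auto=add
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name):
    """Merge also= parents first so the conn's own keys win (assumes no cycles)."""
    own = conns[name]
    merged = resolve(conns, own["also"]) if "also" in own else {}
    merged.update((k, v) for k, v in own.items() if k != "also")
    return merged

def ambiguous_groups(text):
    """Map (left, right) -> {conn: is_l2tp} where L2TP and non-L2TP conns collide."""
    conns, groups = parse_conns(text), {}
    for name in conns:
        c = resolve(conns, name)
        if c.get("auto", "ignore") != "ignore":  # skip conns not loaded at startup
            l2tp = c.get("leftprotoport", "").startswith("17/")
            groups.setdefault((c.get("left"), c.get("right")), {})[name] = l2tp
    return {ep: m for ep, m in groups.items() if len(set(m.values())) == 2}

if __name__ == "__main__":
    print(ambiguous_groups(SAMPLE))
```

An L2TP-only configuration, or one where the L2TP and non-L2TP conns use different left= addresses, comes back empty.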