[Openswan Users] Openswan + L2TP

Marcos Ferreira da Silva marcosfs at centershop.com.br
Wed Aug 10 19:38:52 CEST 2005


ok.

I put only

version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces="ipsec0=eth2"
        klipsdebug="all"
        plutodebug="control parsing"
        nat_traversal=yes
        uniqueids=yes

conn L2TP-PSK
        authby=secret
        pfs=no
        left=192.168.1.1
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        auto=add
        keyingtries=3


and this doesn't get the packets to 192.168.1.1:1701.

I'm reading the howto but it's not so clear to me.

It has a lot of information but doesn't have a complete example explaining
it step by step.

I have a VPN in windows but I use sonicwall client.  I would like to use
the windows client.

On Wed, 2005-08-10 at 22:56 +0200, Paul Wouters wrote:
> On Wed, 10 Aug 2005, Marcos Ferreira da Silva wrote:
> 
> > conn roadwarrior-net
> >        leftsubnet=192.168.99.0/255.255.255.0
> >        also=roadwarrior
> >
> > conn roadwarrior-all
> >        leftsubnet=0.0.0.0/0
> >        also=roadwarrior
> >
> > conn roadwarrior-l2tp
> >        leftprotoport=17/1701
> >        rightprotoport=17/1701
> >        also=roadwarrior
> >
> > conn roadwarrior-l2tp-oldwin
> >        leftprotoport=17/0
> >        rightprotoport=17/1701
> >        also=roadwarrior
> >
> > conn roadwarrior
> >        left=192.168.1.1
> >        right=%any
> >        rightsubnet=vhost:%no,%priv
> >        auto=add
> >        pfs=yes
> 
> Unfortunately, this will not work. Openswan cannot properly pick the right
> connection for the incoming IKE requests, even if some of them are transport
> mode instead of tunnel mode. Either do L2TP or non-L2TP, or add an IP address
> so the left= becomes the parameter openswan can choose the connections from.
> 
> > I configure the VPN Client on winXP to connect to 192.168.1.1, but has
> > no service L2TP at this address.
> 
> Either run L2TP while listening to ANY address, or port forward port 1701.
> See Jacco de Leeuw's pages on how to setup L2TP.
> 
> Paul
> 
-- 
+-----------------------------------+
| Marcos Ferreira da Silva          | 
| SecNET Consultoria em TI          |
| Network and Security Consultant   |
| Uberlândia - MG                   |
| (34) 9154-0150                    |
| www.secnetti.com.br               |
+-----------------------------------+
