[Openswan Users] Breaking L2TP connection

Jacco de Leeuw jacco2 at dds.nl
Wed Aug 17 11:42:53 CEST 2005


Matthias Haas wrote:

>>>openswan 2.2.1
>>
>>You will have to upgrade if this is not a typo.
> 
> To which version would you suggest to update to? 2.3.x lacks a lot of
> stability 

There are some rekeying and NAT-T fixes in the 2.3.x series. If you
were experiencing problems with NAT-T and/or rekeying then an upgrade
seems to be the most likely option. You will have to take up stability
issues with the Openswan development team.

> config setup
>         nat_traversal=yes

virtual_private= is missing. I'm surprised that your NATed client
worked at all. Or is your NAT device doing IPsec passthrough?

> conn l2tp_0-L2TP_1701__gw-gw_213.179.141.11-0.0.0.0
>         left=213.179.141.11
>         leftnexthop=%direct
>         right=%any
>         authby=rsasig
>         leftcert=/etc/ipsec.d/server.crt
>         auto=add
>         pfs=no
>         leftprotoport=17/1701
>         rightprotoport=17/1701
>         rightrsasigkey=%cert

rightsubnet=vhost:%no,%priv is missing.
I would also suggest rightca=%same since you are not using
rightcert=.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
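
Added example, not part of the original post and not Openswan code: a small Python check that scans an ipsec.conf for the three settings the reply above names, run on the configuration quoted in the thread. The function names parse and lint, and the choice to check only conns with right=%any, are assumptions of this example.

```python
import re

# Configuration as quoted in the thread (blank line between sections dropped).
QUOTED = """\
config setup
        nat_traversal=yes
conn l2tp_0-L2TP_1701__gw-gw_213.179.141.11-0.0.0.0
        left=213.179.141.11
        leftnexthop=%direct
        right=%any
        authby=rsasig
        leftcert=/etc/ipsec.d/server.crt
        auto=add
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        rightrsasigkey=%cert
"""

def parse(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        head = re.match(r"(config|conn)\s+(\S+)$", line)
        if head and not raw[0].isspace():         # section headers start in column 0
            current = sections.setdefault(f"{head.group(1)} {head.group(2)}", {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections

def lint(text):
    """Report the settings the reply calls out (rules are this example's reading of it)."""
    sections = parse(text)
    setup = sections.get("config setup", {})
    nat_t = setup.get("nat_traversal") == "yes"
    findings = []
    if nat_t and "virtual_private" not in setup:
        findings.append("config setup: virtual_private= is missing")
    for name, conn in sections.items():
        # Assumption: only conns accepting any peer (right=%any) are checked.
        any_peer = name.startswith("conn ") and conn.get("right") == "%any"
        if any_peer and nat_t and "vhost:" not in conn.get("rightsubnet", ""):
            findings.append(f"{name}: rightsubnet=vhost:%no,%priv is missing")
        if any_peer and conn.get("rightrsasigkey") == "%cert" and not {"rightcert", "rightca"} & set(conn):
            findings.append(f"{name}: no rightcert=, consider rightca=%same")
    return findings
```

Calling lint(QUOTED) returns three findings, one per remark in the reply; a configuration with all three settings present returns an empty list.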

