[Openswan Users] Breaking L2TP connection
Jacco de Leeuw
jacco2 at dds.nl
Wed Aug 17 11:42:53 CEST 2005
Matthias Haas wrote:
>>>openswan 2.2.1
>>
>>You will have to upgrade if this is not a typo.
>
> To which version would you suggest to update to? 2.3.x lacks a lot of
> stability

There are some rekeying and NAT-T fixes in the 2.3.x series. If you
were experiencing problems with NAT-T and/or rekeying then an upgrade
seems to be the most likely option. You will have to take up stability
issues with the Openswan development team.

> config setup
>     nat_traversal=yes

virtual_private= is missing. I'm surprised that your NATed client
worked at all. Or is your NAT device doing IPsec passthrough?

> conn l2tp_0-L2TP_1701__gw-gw_213.179.141.11-0.0.0.0
>     left=213.179.141.11
>     leftnexthop=%direct
>     right=%any
>     authby=rsasig
>     leftcert=/etc/ipsec.d/server.crt
>     auto=add
>     pfs=no
>     leftprotoport=17/1701
>     rightprotoport=17/1701
>     rightrsasigkey=%cert

rightsubnet=vhost:%no,%priv is missing.
I would also suggest rightca=%same since you are not using
rightcert=.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
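
The three omissions pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original message and not Openswan code: the function names, the sample configuration (modelled on the quoted one, with a documentation address) and the virtual_private value are assumptions.

```python
# Added example (hypothetical names, constructed sample): lint ipsec.conf for the reply's three omissions.
def parse_sections(text):
    """Return {(kind, name): {key: value}} per 'config setup' / 'conn X' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            kind, name = (line.split(None, 1) + [""])[:2]
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections

def lint(text):
    """Return (section, finding) tuples for the three omissions."""
    sections = parse_sections(text)
    setup = sections.get(("config", "setup"), {})
    nat_t = setup.get("nat_traversal") == "yes"
    findings = []
    if nat_t and not setup.get("virtual_private"):
        findings.append(("config setup", "virtual_private= missing"))
    for (kind, name), conn in sections.items():
        if kind != "conn":
            continue
        roadwarrior = conn.get("right") == "%any"
        if nat_t and roadwarrior and not conn.get("rightsubnet", "").startswith("vhost:"):
            findings.append((name, "rightsubnet=vhost:... missing"))
        if conn.get("rightrsasigkey") == "%cert" and not conn.keys() & {"rightcert", "rightca"}:
            findings.append((name, "no rightcert=; consider rightca=%same"))
    return findings

SAMPLE_BEFORE = """\
config setup
    nat_traversal=yes
conn l2tp-example
    left=192.0.2.1
    right=%any
    authby=rsasig
    rightrsasigkey=%cert
"""
# The virtual_private value is a commonly used RFC 1918 list (assumption, not from the post).
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "nat_traversal=yes\n",
    "nat_traversal=yes\n    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16\n",
) + "    rightsubnet=vhost:%no,%priv\n    rightca=%same\n"
if __name__ == "__main__":
    print(lint(SAMPLE_BEFORE), lint(SAMPLE_AFTER))
```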