[Openswan Users] IPCop + msl2tp client issues
Martin Goldstone
nightofdarkness at hotmail.com
Wed Feb 9 23:59:45 CET 2005
Hi
I'm currently having a few issues with getting my IPCop box to even think
about setting up an IPSec SA with my win98 laptop running the msl2tp client.
So, that's even before I get to play around with l2tpd!
Basically, my network layout goes something like this:
Network A (192.168.0.0/24)
|
|
|
IPCop Box (Green=192.168.0.1, Red=x.x.x.x (removed for security reasons))
(btw the red is assigned by DHCP, in practice it rarely changes)
|
|
|
Internet
|
|
|
Broadband Router (NAT Device) (Green=192.168.2.1, Red=y.y.y.y (removed for
security reasons)) (again, assigned by DHCP and doesn't really change)
|
|
|
Win98 Machine running the MS L2TP/IPSec Client (192.168.2.22)
After following several tutorials on websites, I'm still running into
difficulties.
Basically, I want to use PSK for the authorisation at this moment in time.
I'm pretty sure that's configured properly.
The error I'm getting from the logs on the IPCop box is "Packet from
y.y.y.y:500: initial Main Mode message received on x.x.x.x:500 but no
connection has been authorized with policy=PSK"
Obviously I've opened the correct ports on the firewall (iptables on IPCop
and the broadband router), otherwise I would not get that message.
I've tried everything I can think of doing in ipsec.conf, so basically, I'd
appreciate it if someone could provide me with some sort of skeleton
ipsec.conf file, which would hopefully allow me to at least get an IPSec SA
established.
If you need me to post any output or config files, I will. I just want to
get this sorted as quickly as possible. I realise it would be better if I
could do away with the need for NAT-T (which is enabled), or have another
IPCop box instead of a Win98 Laptop, but unfortunately I'm stuck with that
for the moment. Plus, I'd like to adapt it to work in a Roadwarrior type
scenario eventually as well.
Any help will be greatly appreciated, as I'm at my wits' end with this now.
Cheers,
Mart
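
Added example, not part of the original post or of IPCop's generated configuration: a skeleton ipsec.conf for the layout described above, where Pluto logs "no connection has been authorized with policy=PSK" when no loaded conn both uses PSK authentication and can match the NATed peer address. It assumes Openswan 2.x syntax with NAT-T support compiled in; the conn name l2tp-psk and the secret shown are placeholders.

```conf
# /etc/ipsec.conf -- constructed skeleton (assumes Openswan 2.x with NAT-T)
version 2.0

config setup
    interfaces=%defaultroute
    # Accept IKE from peers behind a NAT device (the Win98 laptop's router)
    nat_traversal=yes
    # Private ranges a NATed client may use; exclude the local Green network
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/24

conn l2tp-psk
    # PSK must be selected explicitly; the default is RSA signatures, and a
    # Main Mode request proposing PSK then matches no authorized connection
    authby=secret
    # The Microsoft L2TP/IPsec clients do not use PFS
    pfs=no
    # L2TP/IPsec protects UDP 1701 in transport mode, not a tunnelled subnet
    type=transport
    keyingtries=3
    # Red interface is assigned by DHCP, so follow the default route
    left=%defaultroute
    leftprotoport=17/1701
    # Peer address is unknown in advance (NATed now, road warrior later)
    right=%any
    # Allow the client's private address (192.168.2.22) behind NAT
    rightsubnet=vhost:%no,%priv
    rightprotoport=17/1701
    # Load the conn and wait for the client to initiate
    auto=add

# /etc/ipsec.secrets -- matching entry (placeholder value, replace it)
# %any %any : PSK "REPLACE_WITH_LONG_RANDOM_SECRET"
```

With right=%any every client shares the same PSK, so the secret should be long and random, and certificates are the better fit once more than one road warrior connects.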