[Openswan Users] IPCop + msl2tp client issues
Jacco de Leeuw
jacco2 at dds.nl
Thu Feb 10 21:03:08 CET 2005
Martin Goldstone wrote:
> I'm currently having a few issues with getting my IPCop box to even
> think about setting up an IPSec SA with my win98 laptop running the
> msl2tp client.
> Basically, I want to use PSK for the authorisation at this moment in
> time. I'm pretty sure thats configured properly.
I assume IPCop is using a 2.4 kernel with KLIPS? Then you cannot use
the PSK in combination with NAT-T.
I assume you have read the IPCop L2TP/IPsec Howto by Duncan Reed?
He explains how you can generate certificates with IPCop's built-in
Certificate Authority.
http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer
If you don't fancy using certificates at this stage, you could temporarily
remove the broadband router (or use analog dial-up) so that you don't
have to deal with NAT while you sort things out. However I can understand
if you don't want to hook up Windows 98 directly to the Internet, even if
it is for a brief period.
> I've tried everything I can think of doing in ipsec.conf, so basically,
> I'd appreciate it if someone could provide me with some sort of skeletop
> ipsec.conf file, which would hopefully allow me to at least get an IPSec
> SA established.
I've taken a look at Duncan's Howto and noticed that he has not taken
NAT-T into account. It is not too difficult to modify the ipsec.conf
for NAT-T but it is going to be a real pain if the standard IPCop kernel
does not support NAT-T...
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list