[Openswan Users] Update - openswan problems
Jacco de Leeuw
jacco2 at dds.nl
Tue Feb 22 19:08:42 CET 2005
Douglas Sterner wrote:
> Could someone tell me if these config files are going to work for an
> L2TP/IPSEC setup for my roadwarriors on dynamic ips. I would appreciate
> any help using openswan 2.3.0
>
> config setup
> forwardcontrol=yes
> interfaces="ipsec0=eth1"
What kernel and distribution are you using with Openswan?
ipsec0 would indicate you are using KLIPS but on kernel 2.6
this is still experimental.
> conn roadwarrior-l2tp
> auto=start
> left=%defaultroute
> leftcert=chpas-linuxvpn.mydomain.com.pem
> leftprotoport=17/1701
> pfs=no
> right=%any
> rightprotoport=17/1701
> type=tunnel
>
> conn roadwarrior-l2tp-oldwin
> left=%defaultroute
> leftcert=chpas-linuxvpn.mydomain.com.pem
> leftprotoport=17/0
> right=%any
> rightprotoport=17/1701
> */rightsubnet=vhost:%no,%priv ?? Is this right/*
No, this is not right. Non-updated Windows 2000/XP clients do not support
NAT-T. So rightsubnet=vhost:%no,%priv will not have the intended result.
This line should be moved to the previous conn section, roadwarrior-l2tp,
which is meant for updated Windows 2000/XP clients.
This is a small error in Nate Carlson's configuration.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
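
The correction described in the reply above, written out as an ipsec.conf fragment. This is an added example, not part of the original message: it reuses only the parameters quoted in the thread, and the indentation and comments are supplied here.

```conf
# Updated Windows 2000/XP clients: these support NAT-T, so the
# vhost: setting belongs in this section.
conn roadwarrior-l2tp
    auto=start
    left=%defaultroute
    leftcert=chpas-linuxvpn.mydomain.com.pem
    leftprotoport=17/1701
    pfs=no
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    type=tunnel

# Non-updated Windows 2000/XP clients: no NAT-T support, so
# rightsubnet=vhost:... is left out of this section.
conn roadwarrior-l2tp-oldwin
    left=%defaultroute
    leftcert=chpas-linuxvpn.mydomain.com.pem
    leftprotoport=17/0
    right=%any
    rightprotoport=17/1701
```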