[Openswan Users] Roadwarrior L2TP connection drops after 2hours, openswan <=> XPSP2
Ronald Moesbergen
Ronald.Moesbergen at bkvision.nl
Sun Jan 30 12:26:55 CET 2005
Ronald Moesbergen wrote:
>>>>no IKE algorithms for this connection
>>>>NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation
>>
>>>I suspect the problem starts here. Do you get the same problem when you
>>>disable AES and/or the XP SP2 is not behind NAT? Is there a chance that
>>>you can disable XAUTH for two hours and see if that solves the problem?
>>
>>
>> I think I was a little unclear: the XP clients are not using XAUTH,
>> just NAT-T.
>That was clear to me because the built-in XP client does not support XAUTH.
>I was wondering if the XAUTH on Openswan was interfering with the XP
>roadwarrior connection.
Ah ok. Well in fact I already tried that (enabled just the l2tp connection,
not the others) but it didn't make a difference.
>It's none of my business but why are you using XAUTH for the Openswan-Cisco
>connection? Neither are road warriors, right? Certificates on both sides
>should be more secure.
The Cisco 3000 on the other end belongs to one of our customers who lets us use
it to give support. Unfortunately they refuse to use something other than
XAUTH for some obscure reason. Sigh.
>> At the moment I don't have access to a directly connected XPSP2 machine,
>> so I can't test without NAT, sorry.
>Perhaps the DSL modem can be switched to bridge mode for two hours.
>(Don't forget to enable Windows Firewall in SP2 :-).
Hmm, interesting, I'll look into it.
>> Thanks for your reply, I'll let you know the outcome.
>Did the developers indicate what part could be at fault?
Yes, they also pointed out the 'Only 0 NAT-D' stuff as being the culprit.
>Jacco
>--
>Jacco de Leeuw mailto:jacco2 at dds.nl
>Zaandam, The Netherlands http://www.jacco2.dds.nl
Thanks,
Ronald.