[Openswan Users] Can't connect Win98 MSL2TP client
m.cave-ayland at webbased.co.uk
Tue Jul 5 13:46:54 CEST 2005
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Jacco de Leeuw
> Sent: 29 June 2005 15:59
> To: users at openswan.org
> Subject: Re: [Openswan Users] Can't connect Win98 MSL2TP
> client to OpenSwanServer
> Yes, the upgrade should be painless. The MSL2TP client has
> some issues with Openswan-1, not really disconnecting IPsec SAs etc.
OK I will suggest an upgrade on the mailing lists :) I did get the Win98
client to work in the end, however when trying to reconnect I get messages
in the log file saying that the connection already exists - I guess this is
the symptom of this bug?
> Yes, I think you should change it. One of the reasons is that
> you can issue certificate on an offline server. That's more
> secure. Currently, your CA's private key is on that server.
Yup. I started again from scratch and created a new CA - I now use a
separate host key/certificate for the VPN gateway and it works fine.
> > I have another question too: as I've marked 192.168.2.0/24 as a
> > private network, what happens if an IPSec/L2TP client with a
> > 192.168.2.0/24 address before NAT tries to connect? Will it
> > simply not be allowed to connect to the Openswan server?
> Good question. I'm positive that the connection won't work in
> this case but I can't remember if the connection is actually
> rejected by Openswan. I certainly hope so.
Hmmm OK. Thinking about this, I'm not sure I need the extra private subnets
listed since I believe I'm forcing all traffic to go over L2TP. If this is
the case, then if the roadwarrior's IP address gets taken from the PPP
connection and not the ESP/NAT-T packets, then I should be fine if a
roadwarrior happens to get assigned an address behind a NAT router that
clashes with one of our internal IPs? Or have I missed something here?
Thanks again for your time,
17 Research Way
Tamar Science Park
T: +44 (0)1752 797131
F: +44 (0)1752 791023