[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwanServer

Mark Cave-Ayland m.cave-ayland at webbased.co.uk
Tue Jul 5 13:46:54 CEST 2005


Hi Jacco,

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Jacco de Leeuw
> Sent: 29 June 2005 15:59
> To: users at openswan.org
> Subject: Re: [Openswan Users] Can't connect Win98 MSL2TP 
> client to OpenSwanServer

> Yes, the upgrade should be painless. The MSL2TP client has 
> some issues with Openswan-1, not really disconnecting IPsec SAs etc.

OK I will suggest an upgrade on the mailing lists :) I did get the Win98
client to work in the end, however when trying to reconnect I get messages
in the log file saying that the connection already exists - I guess this is
the symptom of this bug?

> Yes, I think you should change it. One of the reasons is that 
> you can issue certificates on an offline server. That's more 
> secure. Currently, your CA's private key is on that server.

Yup. I started again from scratch and created a new CA - I now use a
separate host key/certificate for the VPN gateway and it works fine.

> > I have another question too: as I've marked 192.168.2.0/24 as a 
> > private network, what happens if an IPSec/L2TP client with an
> > internal 192.168.2.0/24 address before NAT tries to connect? Will
> > it simply not be allowed to connect to the Openswan server?
> 
> Good question. I'm positive that the connection won't work in 
> this case but I can't remember if the connection is actually 
> rejected by Openswan. I certainly hope so.

Hmmm OK. Thinking about this, I'm not sure I need the extra private subnets
listed since I believe I'm forcing all traffic to go over L2TP. If this is
the case, then if the roadwarrior's IP address gets taken from the PPP
connection and not the ESP/NAT-T packets, then I should be fine if a
roadwarrior happens to get assigned an address behind a NAT router that
clashes with one of our internal IPs? Or have I missed something here?


Thanks again for your time,

Mark.

------------------------
WebBased Ltd
17 Research Way
Tamar Science Park
Plymouth
PL6 8BT 

T: +44 (0)1752 797131
F: +44 (0)1752 791023
W: http://www.webbased.co.uk