[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwan Server

Jacco de Leeuw jacco2 at dds.nl
Tue Jul 5 15:55:36 CEST 2005


Mark Cave-Ayland wrote:

>>The MSL2TP client has some issues with Openswan-1, not really 
>>disconnecting IPsec SAs etc.
>  
> when trying to reconnect I get messages in the log file saying that the
> connection already exists - I guess this is the symptom of this bug?

I think so, yes.

> Hmmm OK. Thinking about this, I'm not sure I need the extra private subnets
> listed since I believe I'm forcing all traffic to go over L2TP. If this is
> the case, then if the roadwarrior's IP address gets taken from the PPP
> connection and not the ESP/NAT-T packets, then I should be fine if a
> roadwarrior happens to get assigned an address behind a NAT router that
> clashes with one of our internal IPs? Or have I missed something here?

I'm not sure if you understand. The private subnets listed in virtual_private
are the ones that are allowed for use by (Windows) clients behind NAT.
In most cases you don't know in advance what subnets the folks at home
are using, so usually you list all possible subnets. However, you also need
to *exclude* subnets used by the VPN router, otherwise your IP routing
does not work (can't use the same subnet on disjoint networks).

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
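
The exclusion rule described in the message above can be checked mechanically. This is an added example, not part of the original message and not Openswan code: it parses a virtual_private value in the %v4:net / %v4:!net entry syntax and reports gateway-side subnets that are allowed for NATed clients but not excluded. The subnets and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the three RFC 1918 ranges, without and with
# an exclusion for an assumed gateway-side LAN of 192.168.1.0/24.
ALLOW_ALL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
WITH_EXCLUSION = ALLOW_ALL + ",%v4:!192.168.1.0/24"
GATEWAY_SUBNETS = ["192.168.1.0/24"]


def parse_virtual_private(value):
    """Split a virtual_private value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        # Split on the first ':' only, so IPv6 prefixes stay intact.
        family, _, spec = item.partition(":")
        if family not in ("%v4", "%v6") or not spec:
            raise ValueError(f"unrecognised entry: {item!r}")
        target = excluded if spec.startswith("!") else allowed
        target.append(ipaddress.ip_network(spec.lstrip("!")))
    return allowed, excluded


def missing_exclusions(value, gateway_subnets):
    """Return gateway-side subnets that overlap an allowed client range
    and are not fully covered by a '!' exclusion entry."""
    allowed, excluded = parse_virtual_private(value)
    missing = []
    for raw in gateway_subnets:
        net = ipaddress.ip_network(raw)
        clash = any(net.version == a.version and net.overlaps(a)
                    for a in allowed)
        covered = any(net.version == e.version and net.subnet_of(e)
                      for e in excluded)
        if clash and not covered:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    for label, value in (("allow-all", ALLOW_ALL),
                         ("with exclusion", WITH_EXCLUSION)):
        print(label, "->", missing_exclusions(value, GATEWAY_SUBNETS))
```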

