[Openswan Users] Openswan-win2k
Norman Rasmussen
normanr at gmail.com
Wed Jun 8 20:19:47 CEST 2005
If you want Windows to set you up with l2tp, then you only need to
configure a 'virtual private connection' and set the type of network
to 'l2tp ipsec vpn'. Then when you try and dial, XP will establish the
ipsec tunnel, and try and login to your l2tp daemon, which will use
ppp to create the connection - giving you an IP on the network, and
access to the other machines.
On 08/06/05, Jerome Kaidor <jerry at tr4.tr2.com> wrote:
> Hi folks,
>
> ( Ramble, ramble )
> OK, I got Openswan peacefully running on my machine to the extent that it doesn't
> kill the Internet. There is, however, an ipsec0 interface with the same IP
> as my real eth0. In a way, that makes sense - I haven't done anything to
> assign it another IP. But how does it know what to encrypt?
>
> Now to try to actually use it for something: I have a Windows XP laptop
> that I plan to use as a roadwarrior. The setup is:
>
> WinXPLaptop - dialupInternetconnection - INTERNET - DSL - LinuxBox
>
> The IPSEC setup in XP was daunting at first, but after playing with it
> for a couple days, it seems reasonably straightforward. One nice thing
> about it is that IPSEC is tied in with the firewall: you can say "everything
> from this address or range of addresses needs to be encrypted."
>
> The standard way to do such VPNs seems to be to use l2tp over IPSEC. Is
> that what the "virtual_private" directive in ipsec.conf has to do with? I
> found an l2tp server "l2tpd-0.69" on the Net. It took minor source changes,
> and a manual "install" but I got it to compile & run on the Linux box. But
> the existence of the "virtual_private" directive makes me suspect that I may
> be duplicating something that's already in Openswan... Whups, grepping
> for "virtual_private" in the doc directory leads me to believe that it only
> has to do with NAT-traversal, which would have nothing to do with my
> machine, because it is not behind a NAT firewall ( well, it IS the NAT firewall
> for the localnet, but that has nothing to do with this AFAIK ).
>
> I'm not having good luck finding docs for l2tpd - "l2tpd.org" seems to have
> been stolen by a domain thief.
>
> But it looks like the IPSEC negotiation has to happen before l2tp - which
> makes sense because l2tp runs OVER ipsec, right? Trying to connect from the
> Win2k laptop, I get the following messages in /var/log/secure:
> -------------------- snip ---------------------
> Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [FRAGMENTATION]
> Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
> Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: initial Main Mode message received on 63.193.114.85:500 but no connection has been authorized
> ------------------ endsnip --------------------
>
> - Jerry Kaidor ( jerry at tr2.com )
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
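
Added example, not part of the original messages: a small Python triage of the pluto lines quoted above, grouping them by peer and flagging the two lines that explain why the IKE exchange stops before l2tp is ever reached. The function name `triage` and the wording of the findings are assumptions of this example; the log lines are copied from the quoted /var/log/secure excerpt.

```python
import re
from collections import defaultdict

# Log lines copied from the quoted /var/log/secure excerpt in this thread.
SAMPLE = """\
Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [FRAGMENTATION]
Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jun 8 09:38:30 tr4 pluto[3545]: packet from 67.118.246.28:500: initial Main Mode message received on 63.193.114.85:500 but no connection has been authorized
"""

# "packet from <ip>:<port>: <message>" as logged by pluto before a peer is matched to a conn.
LINE = re.compile(r"pluto\[\d+\]: packet from (?P<peer>[\d.]+):(?P<port>\d+): (?P<msg>.*)$")
VID = re.compile(r"(?:ignoring|received) Vendor ID payload \[(?P<vid>[^\]]+)\]")


def triage(text):
    """Group pluto 'packet from' lines by peer IP (hypothetical helper)."""
    peers = defaultdict(lambda: {"vendor_ids": [], "findings": []})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a pre-connection pluto line
        entry, msg = peers[m["peer"]], m["msg"]
        v = VID.match(msg)
        if v:
            entry["vendor_ids"].append(v["vid"])
            if "port floating is off" in msg:
                # Peer advertises NAT-T, but NAT traversal is not enabled in pluto.
                entry["findings"].append("NAT-T offered by peer, disabled locally")
        elif "no connection has been authorized" in msg:
            # No loaded conn accepts this peer, so IKE Main Mode is refused.
            entry["findings"].append("Main Mode refused: no matching conn loaded")
    return dict(peers)


if __name__ == "__main__":
    for peer, info in triage(SAMPLE).items():
        print(peer, info["vendor_ids"], info["findings"])
```
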