[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwan Server

Jacco de Leeuw jacco2 at dds.nl
Wed Jun 29 17:07:55 CEST 2005

Mark Cave-Ayland wrote:

> I'm having trouble trying to setup a VPN using OpenSwan v1.0.7, X509
> certificates, and a roadwarrier Win98 using the MSL2TP client behind a
> masquerading router. This is on a Linux 2.4 kernel using KLIPS.

Are you using IPCop, by any chance? I'm asking because they are still
using Openswan 1.0.7 while the Openswan team encourages Openswan-2.

  > virtual_private=%v4:,%v4:,%v4:,%v4:!192
> .168.2.0/24,%v4:!
> conn l2tp-win2kxpsp2
>         # Use PSK, disable PFS
>         #authby=secret
>         pfs=no
>         # Left (local host)
>         left=213.x.x.x
>         leftcert=cacerts/cacert.pem

Is this the root certificate? If so, then this is incorrect.
You need to issue a separate certificate for the server.

>         leftprotoport=17/1701
>         leftnexthop=%defaultroute
>         # Right (remote host)
>         right=%any
>         rightid="C=GB, ST=Devon, L=Plymouth, O=WebBased Ltd, OU=VPN, CN=*"
>         rightprotoport=17/1701

You forgot to add:

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list