[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwanServer

Mark Cave-Ayland m.cave-ayland at webbased.co.uk
Wed Jun 29 16:27:49 CEST 2005


Hi Jacco,

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Jacco de Leeuw
> Sent: 29 June 2005 15:08
> To: users at openswan.org
> Subject: Re: [Openswan Users] Can't connect Win98 MSL2TP 
> client to OpenSwanServer

(cut)

> Are you using IPCop, by any chance? I'm asking because they 
> are still using Openswan 1.0.7 while the Openswan team 
> encourages Openswan-2.

I'm actually using Devil Linux 1.2 at the moment
(http://www.devil-linux.org). Are the configuration files reasonably
compatible between version 1 and 2? If so, I could submit a request asking
them to consider version 2 for the next release.

> > conn l2tp-win2kxpsp2
> >         # Use PSK, disable PFS
> >         #authby=secret
> >         pfs=no
> >         # Left (local host)
> >         left=213.x.x.x
> >         leftcert=cacerts/cacert.pem
> 
> Is this the root certificate? If so, then this is incorrect. 
> You need to issue a separate certificate for the server.

I'm a little rusty on the certificate side, but I believe it is a self-signed CA
certificate which I have used. I followed the instructions on Nate's page to
set up a separate CA just for VPN certificates. If this is a security risk,
then I will consider changing it.

> 
> >         leftprotoport=17/1701
> >         leftnexthop=%defaultroute
> >         # Right (remote host)
> >         right=%any
> >         rightid="C=GB, ST=Devon, L=Plymouth, O=WebBased Ltd, OU=VPN, CN=*"
> >         rightprotoport=17/1701
> 
> You forgot to add:
>            rightsubnet=vhost:%no,%priv

Ahh. I bet that's it :) I'll see if I can test either later today or
tomorrow.

I have another question too: as I've marked 192.168.2.0/24 as a private
network, what happens if an IPSec/L2TP client with an internal 192.168.2.0/24
address before NAT tries to connect? Will it simply not be allowed to
connect to the Openswan server?


Many thanks,

Mark.

------------------------
WebBased Ltd
17 Research Way
Tamar Science Park
Plymouth
PL6 8BT 

T: +44 (0)1752 797131
F: +44 (0)1752 791023
W: http://www.webbased.co.uk
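
Added example, not part of the original message and not Openswan code: a small linter that reads the conn section quoted above and flags the two points raised in the reply (a `leftcert` that points into `cacerts/`, and `right=%any` without a `rightsubnet=vhost:` entry). The names `parse_conns` and `lint_conn`, the simplified parsing and both heuristics are assumptions of this example.

```python
import re

# Constructed sample: the conn section quoted in the message above, with the
# mail-wrapped rightid line rejoined. The address is elided as on the list.
SAMPLE = '''\
conn l2tp-win2kxpsp2
        # Use PSK, disable PFS
        #authby=secret
        pfs=no
        # Left (local host)
        left=213.x.x.x
        leftcert=cacerts/cacert.pem
        leftprotoport=17/1701
        leftnexthop=%defaultroute
        # Right (remote host)
        right=%any
        rightid="C=GB, ST=Devon, L=Plymouth, O=WebBased Ltd, OU=VPN, CN=*"
        rightprotoport=17/1701
'''

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text (simplified)."""
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue                             # skip blank and comment lines
        if not raw[0].isspace():                 # section header at column 0
            kind, _, name = raw.strip().partition(' ')
            current = conns.setdefault(name.strip(), {}) if kind == 'conn' else None
        elif current is not None and '=' in raw:
            key, _, value = raw.strip().partition('=')
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint_conn(params):
    """Heuristic checks taken from the reply above (assumptions of this example)."""
    findings = []
    for side in ('left', 'right'):
        cert = params.get(side + 'cert', '')
        if re.search(r'(^|/)cacerts/', cert):
            findings.append(f'{side}cert={cert}: path is under cacerts/, looks '
                            'like a CA certificate used as the host certificate')
        if (params.get(side) == '%any'
                and not params.get(side + 'subnet', '').startswith('vhost:')):
            findings.append(f'{side}=%any without {side}subnet=vhost:...')
    return findings
```
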



