[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwanServer

Mark Cave-Ayland m.cave-ayland at webbased.co.uk
Wed Jun 29 16:27:49 CEST 2005

Hi Jacco,

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Jacco de Leeuw
> Sent: 29 June 2005 15:08
> To: users at openswan.org
> Subject: Re: [Openswan Users] Can't connect Win98 MSL2TP 
> client to OpenSwanServer


> Are you using IPCop, by any chance? I'm asking because they 
> are still using Openswan 1.0.7 while the Openswan team 
> encourages Openswan-2.

I'm actually using Devil Linux 1.2 at the moment
(http://www.devil-linux.org). Are the configuration files reasonably
compatible between version 1 and 2? If so, I could submit a request asking
them to consider version 2 for the next release.

> > conn l2tp-win2kxpsp2
> >         # Use PSK, disable PFS
> >         #authby=secret
> >         pfs=no
> >         # Left (local host)
> >         left=213.x.x.x
> >         leftcert=cacerts/cacert.pem
> Is this the root certificate? If so, then this is incorrect. 
> You need to issue a separate certificate for the server.

I'm a little rusty on the certificate side, but I believe it is a self-signed CA
certificate which I have used. I followed the instructions on Nate's page to
set up a separate CA just for VPN certificates. If this is a security risk,
then I will consider changing it.

> >         leftprotoport=17/1701
> >         leftnexthop=%defaultroute
> >         # Right (remote host)
> >         right=%any
> >         rightid="C=GB, ST=Devon, L=Plymouth, O=WebBased Ltd, OU=VPN, CN=*"
> >         rightprotoport=17/1701
> You forgot to add:
>            rightsubnet=vhost:%no,%priv

Ahh. I bet that's it :) I'll see if I can test either later today or

I have another question too: as I've marked as a private
network, what happens if an IPSec/L2TP client with an internal
address before NAT tries to connect? Will it simply not be allowed to
connect to the Openswan server?

Many thanks,


WebBased Ltd
17 Research Way
Tamar Science Park
PL6 8BT 

T: +44 (0)1752 797131
F: +44 (0)1752 791023
W: http://www.webbased.co.uk
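
Added example, not part of the original message or of Openswan: a small Python check that parses an ipsec.conf-style conn section and flags the two points raised in the quoted review (a CA certificate used as leftcert, and right=%any for L2TP without a rightsubnet=vhost: line). The function names and the file-name heuristic for spotting a CA certificate are assumptions made for illustration; the sample input is the conn section from this thread.

```python
# Constructed sample: the conn section quoted in the message above.
SAMPLE = '''\
conn l2tp-win2kxpsp2
        # Use PSK, disable PFS
        #authby=secret
        pfs=no
        left=213.x.x.x
        leftcert=cacerts/cacert.pem
        leftprotoport=17/1701
        leftnexthop=%defaultroute
        right=%any
        rightid="C=GB, ST=Devon, L=Plymouth, O=WebBased Ltd, OU=VPN, CN=*"
        rightprotoport=17/1701
'''

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out option
        if not raw[0].isspace():          # section headers start in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # values may contain '=' (DNs)
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint_conn(opts):
    """Flag the two issues pointed out in the thread (heuristic checks)."""
    findings = []
    # Assumption: a path or file name containing "cacert" is the CA certificate.
    if "cacert" in opts.get("leftcert", "").lower():
        findings.append("leftcert looks like a CA certificate; "
                        "issue a separate certificate for the server")
    is_l2tp = opts.get("rightprotoport") == "17/1701"
    has_vhost = opts.get("rightsubnet", "").startswith("vhost:")
    if opts.get("right") == "%any" and is_l2tp and not has_vhost:
        findings.append("right=%any without rightsubnet=vhost:%no,%priv")
    return findings

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE).items():
        for finding in lint_conn(opts):
            print(f"{name}: {finding}")
```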
