[Openswan Users] Can't connect Win98 MSL2TP client to OpenSwanServer

Jacco de Leeuw jacco2 at dds.nl
Wed Jun 29 17:58:39 CEST 2005


Mark Cave-Ayland wrote:

> I'm actually using Devil Linux 1.2 at the moment
> (http://www.devil-linux.org). Are the configuration files reasonably
> compatible between version 1 and 2?

Yes, the upgrade should be painless. The MSL2TP client has some
issues with Openswan-1, not really disconnecting IPsec SAs etc.

>>>        leftcert=cacerts/cacert.pem
> 
> I'm a little rusty on the certificate side, but I believe it is a self-signed CA
> certificate which I have used. I followed the instructions on Nate's page to
> set up a separate CA just for VPN certificates. If this is a security risk,
> then I will consider changing it.

Yes, I think you should change it. One of the reasons is that you can issue
certificates on an offline server. That's more secure. Currently, your CA's
private key is on that server.

> I have another question too: as I've marked 192.168.2.0/24 as a private
> network, what happens if an IPSec/L2TP client with an internal 192.168.2.0/24
> address before NAT tries to connect? Will it simply not be allowed to
> connect to the Openswan server?

Good question. I'm positive that the connection won't work in this case but
I can't remember if the connection is actually rejected by Openswan.
I certainly hope so.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

