[Openswan Users] windows xp sp2 nated and openswan+l2tp
Mihai Costache
tepesu at yahoo.com
Thu Jun 30 04:44:46 CEST 2005
Hi,
All my roadwarrior Windows XP clients are SP2'ed and patched with fixsp2vpn.vbs.
I can connect from any dialup or from any public IP to my Openswan server, but not from behind any NAT gateway (Linux or not).
This is my ipsec.conf:
----------- snip ----------------------
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug="control parsing"
    uniqueids=yes
    nat_traversal=yes
    virtual_private="%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.100.0/24"

conn %default
    keyingtries=1
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    pfs=no

conn roadwarior-l2tpd
    left=xxx.xxx.xxx.xxx
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    leftcert=/etc/ipsec.d/certs/vpnCert.pem
    right=%any
    rightprotoport=17/1701
    rightcert=/etc/ipsec.d/certs/clientCert.pem
    rightsubnet=vhost:%no,%priv
    auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
------------------ snip -----------------------------
l2tpd.conf
---- snip ---
[global]
listen-addr = 192.168.100.2
[lns default]
ip range = 192.168.100.249-192.168.100.255
local ip = 192.168.100.100
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
----- snip ----
from /var/log/secure
---------- snip -------------
Jun 30 13:21:46 server2 pluto[20505]: | route_and_eroute: instance "roadwarior-l2tpd"[3] ip_from_nat_gateway_xxx.xxx.xxx.xxx, setting eroute_owner {spd=0x80ff1b4,sr=0x80ff1b4} to #6 (was #0) (newest_ipsec_sa=#0)
Jun 30 13:21:46 server2 pluto[20505]: | complete state transition with STF_OK
Jun 30 13:21:46 server2 pluto[20505]: "roadwarior-l2tpd"[3] ip_from_nat_gateway_xxx.xxx.xxx.xxx #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 30 13:21:46 server2 pluto[20505]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #6
Jun 30 13:21:46 server2 pluto[20505]: "roadwarior-l2tpd"[3] 80.86.102.110 #6: IPsec SA established {ESP=>0x9aca3e81 <0xf279257e xfrm=3DES_0-HMAC_MD5}
Jun 30 13:21:46 server2 pluto[20505]: | modecfg pull: noquirk policy:push not-client
Jun 30 13:21:46 server2 pluto[20505]: | phase 1 is done, looking for phase 1 to unpend
Jun 30 13:21:46 server2 pluto[20505]: | next event EVENT_SHUNT_SCAN in 3 seconds