[Openswan Users] OpenSwan 2.3.0 L2TP response in plaintext

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 1 15:26:06 CET 2005


Michel van der Breggen wrote:

> I'm having trouble with a VPN setup between our company and my home. 
> Both sides are behind a NAT router, which is configured to pass port 
> 4500/500 en protocol 50 to server. Our server is a FC2 with openswan 2.3 
> and i use certficates for authentification.
> After some problems with the config 

I have noticed this too. I had to add leftsubnet and leftnexthop to the
regular config.

> i finaly got the SA to initiate, but 
> now the problem is that rp-l2tp sends the answers back in plaintext to 
> the external ipadres of my home router, instead of thru the tunnel. My 
> home machine is a Win XP SP2 with nat-t patch.

Yup, same problem here.

>    virtual_private=%v4:

Should this not be %v4: Because otherwise your internal subnet
at 192.168.1.x will be included as well. Is the Openswan server single-homed?
I.e. only one interface? I don't think that will work.

> # Peer section
> section peer
> peer 80.61.112.xxx
> is there an option so i don't have to specify an hardcoded ip-adres in 
> the peer section?? if not it would be almost imposseble to include 
> roaming users into the rp-l2tpd configuration

Yes, use this:

mask 0

But why is your lns-pppd-opts commented out?

You could also use l2tpd with a patch from rp-l2tp to support Unix98
style ptys. Mail me if you are interested.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list