[Openswan Users] OpenSwan 2.3.0 L2TP response in plaintext
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 1 15:26:06 CET 2005
http://lists.openswan.org/pipermail/users/2005-February/003927.html
Michel van der Breggen wrote:
> I'm having trouble with a VPN setup between our company and my home.
> Both sides are behind a NAT router, which is configured to pass port
> 4500/500 and protocol 50 to server. Our server is a FC2 with openswan 2.3
> and I use certificates for authentication.
> After some problems with the config
I have noticed this too. I had to add leftsubnet and leftnexthop to the
regular config.
> I finally got the SA to initiate, but
> now the problem is that rp-l2tp sends the answers back in plaintext to
> the external IP address of my home router, instead of through the tunnel. My
> home machine is a Win XP SP2 with nat-t patch.
Yup, same problem here.
> virtual_private=%v4:192.168.0.0/16
Should this not be %v4:192.168.0.0/24? Because otherwise your internal subnet
at 192.168.1.x will be included as well. Is the Openswan server single-homed?
I.e. only one interface? I don't think that will work.
> # Peer section
> section peer
> peer 80.61.112.xxx
> Is there an option so I don't have to specify a hardcoded IP address in
> the peer section? If not it would be almost impossible to include
> roaming users into the rp-l2tpd configuration
Yes, use this:
peer 0.0.0.0
mask 0
But why is your lns-pppd-opts commented out?
You could also use l2tpd with a patch from rp-l2tp to support Unix98
style ptys. Mail me if you are interested.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
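
A check for the symptom discussed in this thread (L2TP replies leaving the server outside the IPsec SA), as an added example that is not part of the original posts or of Openswan. It labels raw IPv4 packets captured on the external side as IKE, ESP, NAT-T encapsulated ESP, or bare L2TP on UDP 1701; the function names, sample packets and documentation-range addresses are constructed for illustration.

```python
import socket
import struct

ESP, UDP = 50, 17                      # IP protocol numbers
IKE_PORT, NATT_PORT, L2TP_PORT = 500, 4500, 1701

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet captured outside the tunnel."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == ESP:
        return "esp"
    if pkt[9] != UDP or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if NATT_PORT in (sport, dport):
        # RFC 3948: one 0xFF byte = keepalive, four zero bytes = IKE, else ESP in UDP
        if data == b"\xff":
            return "natt-keepalive"
        return "ike" if data[:4] == b"\x00" * 4 else "esp-in-udp"
    if IKE_PORT in (sport, dport):
        return "ike"
    if L2TP_PORT in (sport, dport):
        return "plaintext-l2tp"        # L2TP visible without ESP around it
    return "other"

def find_leaks(packets):
    """Return (index, src, dst) for every packet carrying bare L2TP."""
    return [(i, socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]))
            for i, p in enumerate(packets) if classify(p) == "plaintext-l2tp"]

def ipv4_udp(src, dst, sport, dport, data):
    """Build a constructed IPv4/UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

SERVER, CLIENT_NAT = "192.0.2.10", "198.51.100.20"
SAMPLE = [  # constructed capture, documentation-range addresses
    ipv4_udp(CLIENT_NAT, SERVER, 500, 500, b"\x11" * 28),                  # IKE
    ipv4_udp(CLIENT_NAT, SERVER, 4500, 4500, b"\x00" * 4 + b"\x11" * 28),  # IKE on NAT-T port
    ipv4_udp(CLIENT_NAT, SERVER, 4500, 4500, b"\x12\x34\x56\x78" + b"\xaa" * 40),  # ESP in UDP
    ipv4_udp(SERVER, CLIENT_NAT, 1701, 1701, b"\xc8\x02\x00\x0c" + b"\x00" * 8),   # bare L2TP reply
]

print(find_leaks(SAMPLE))
```

On a real capture, feed it the IP packets seen in the server's outbound direction; any hit means an L2TP packet crossed that link without ESP protection.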