[Openswan Users] openswan/l2tp client to windows 2003 server

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 22 12:01:55 CET 2005

Peter Teufl wrote:

> I want to connect with openswan-2.3.0 and l2tpd (0.70-pre200311) to a 
> Windows 2003 VPN Server.

And the sysadmin of that Windows server is not prepared to let you
use IPsec without L2TP?

I have not yet tested a setup where Linux is the client and Windows 2003
the server. I had a trial copy of Windows 2003 but it expired.

> I have even tried to change the source and set 
> draft-ietf-ipsec-nat-t-ike-02_n to value 107 which is 
> draft-ietf-ipsec-nat-t-ike-02. Then I was able to finish phase1, but 
> phase 2 failed with something like ("client id does not match my 
> proposal").

Why would such a change be needed?

> Mar 22 09:30:33 linux pluto[6439]: "windows2003" #1: NAT-Traversal: Only 
> 0 NAT-D - Aborting NAT-Traversal negociation

Hm, wasn't this a bug in Openswan or Windows... Do you get this with
openswan-2.3.1dr3 as well?

>    type=transport

I never had to specify this, although it seems logical. Could you try
without this line?

>    leftprotoport=17/0

I use leftprotoport=17/1701

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
