[Openswan Users] openswan/l2tp client to windows 2003 server

Peter Teufl pteufl at sbox.tugraz.at
Tue Mar 22 12:43:04 CET 2005


Hi,
Thanks for the fast response!

Jacco de Leeuw wrote:

> And the sysadmin of that Windows server is not prepared to let you
> use IPsec without L2TP?
>
No, unfortunately, that's not an option.

> Why would such a change be needed?


I have already used an Openswan server with L2TP and Windows clients. On
Openswan I could see that when a Windows client initiated a connection,
draft-ietf-ipsec-nat-t-ike-02/03 was activated. I thought that maybe I
could force Openswan to use this draft in my current situation. The
interesting thing is that when I change the value in the source, I can
see some UDP packets from/to port 4500. But then the connection fails...
I cannot see the UDP 4500 packets when using the correct version.

> Hm, wasn't this a bug in Openswan or Windows... Do you get this with
> openswan-2.3.1dr3 as well?

I get this with openswan-2.3.1dr3 too, but there is one difference:

Mar 22 13:34:24 linux pluto[13046]: "windows2003" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)

instead of

Mar 22 13:34:24 linux pluto[13046]: "windows2003" #1: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)


>>    type=transport
>
> I never had to specify this, although it seems logical. Could you try
> without this line?

Changed it. Unfortunately, no effect.

>
>>    leftprotoport=17/0
>
> I use leftprotoport=17/1701

Changed it too, but that should not have an effect anyway, as I am not
getting this far.

Thanks!
Peter

