[Openswan Users] openswan/l2tp client to windows 2003 server
Peter Teufl
pteufl at sbox.tugraz.at
Tue Mar 22 12:43:04 CET 2005
Hi,
Thanks for the fast response!
Jacco de Leeuw wrote:
> And the sysadmin of that Windows server is not prepared to let you
> use IPsec without L2TP?
>
No, unfortunately that's not an option.
> Why would such a change be needed?
I have already used an openswan server with l2tp and windows clients. On
openswan I could see that when a windows client initiated a connection,
draft-ietf-ipsec-nat-t-ike-02/03 was activated. I thought that maybe I
could force openswan to use this draft in my current situation. The
interesting thing is that when I change the value in the source, I can
see some UDP packets from/to port 4500. But then the connection fails...
I cannot see the UDP 4500 packets when using the correct version.
> Hm, wasn't this a bug in Openswan or Windows... Do you get this with
> openswan-2.3.1dr3 as well?
I get this with openswan-2.3.1dr3 too, but there is one difference:
Mar 22 13:34:24 linux pluto[13046]: "windows2003" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
instead of
Mar 22 13:34:24 linux pluto[13046]: "windows2003" #1: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
>> type=transport
>
> I never had to specify this, although it seems logical. Could you try
> without this line?
Changed it. Unfortunately, no effect.
>
>> leftprotoport=17/0
>
> I use leftprotoport=17/1701
Changed it too, but that should not have an effect anyway as I am not
getting this far.
Thanks!
Peter