[Openswan Users] Error IPsec/L2tp connection

Rodrigo nobregasz at yahoo.com.br
Tue Mar 29 00:04:16 CEST 2005


Thanks for your help, Jacco.

I was losing my mind... so I'm looking for a way more secure than X.509 for
authentication. I'm thinking L2TP (to use user+pass) or smartcards.

I'll wait for Openswan 2.3.1.

Sorry for my English.

Thanks again

Rodrigo

>
> rodrigo nobrega wrote:
>
>> I have an IPsec connection working and I'm trying to set up
>> an L2TP/IPsec connection behind NAT.
>
>
> So the L2TP/IPsec server is NATed? This is not supported yet.
> You may have to wait for Openswan 2.3.1. There is however a
> patch by Bernd Galonska. See also:
> http://lists.openswan.org/pipermail/users/2005-March/004107.html
>
>> When I ping 10.x.x.x using the MM IPsec tools, everything works
>> fine, but when I do ipsec -off and use an L2TP/IPsec
>> connection from WinXP I don't get a response.
>
>
> If you have been using Marcus Mueller's IPSEC.EXE tool,
> you may have disabled the automatic L2TP/IPsec policy.
> See:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;q310109
> to re-enable it.
>
>> Where can I see the L2TP logs?
>
>
> They are in /var/log/messages. I have no idea where you can find
> L2TP logs on Windows clients. For enabling PPP logging, see:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;234014
>
>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
>
> Perhaps you need to exclude your internal subnet here? I.e. add:
> ... , %v4:!192.168.x.0/24
>
>> Mar 28 10:21:49 vpn pluto[3343]: "roadwarrior-net"[2]
>> 200.241.203.69 #1: cannot respond to IPsec SA request
>> conn roadwarrior-net
>> leftsubnet=10.0.0.0/255.0.0.0
>> also=roadwarrior
>
>
> I don't know why it wants to use this particular connection.
> If it is interfering you should disable it.
>
> Jacco
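
The `virtual_private` advice above can be checked mechanically. This is an added example, not code from the thread or from Openswan: it parses the setting quoted above and reports allowed ranges that overlap the server's own `leftsubnet` with no `%v4:!` exclusion. The function names and the acceptance rule (a client subnet must sit inside a listed network and inside no excluded one) are assumptions of the example.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {item!r}")
        spec = item[len("%v4:"):]
        target = excluded if spec.startswith("!") else allowed
        # strict=False tolerates host bits; dotted netmasks are accepted too
        target.append(ipaddress.ip_network(spec.lstrip("!"), strict=False))
    return allowed, excluded

def client_subnet_allowed(subnet, allowed, excluded):
    """Assumed rule: inside some allowed network and inside no excluded one."""
    net = ipaddress.ip_network(subnet, strict=False)
    return (any(net.subnet_of(a) for a in allowed)
            and not any(net.subnet_of(e) for e in excluded))

def unexcluded_overlap(internal, allowed, excluded):
    """Allowed networks overlapping the internal subnet when no exclusion covers it."""
    net = ipaddress.ip_network(internal, strict=False)
    if any(net.subnet_of(e) for e in excluded):
        return []
    return [a for a in allowed if a.overlaps(net)]

# Values quoted in the thread
PAGE_VALUE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
LEFTSUBNET = "10.0.0.0/255.0.0.0"
# Constructed variant: the same list plus an exclusion for the internal subnet
FIXED_VALUE = PAGE_VALUE + ",%v4:!10.0.0.0/8"

if __name__ == "__main__":
    for label, value in (("as posted", PAGE_VALUE), ("with exclusion", FIXED_VALUE)):
        allowed, excluded = parse_virtual_private(value)
        clash = unexcluded_overlap(LEFTSUBNET, allowed, excluded)
        print(f"{label}: overlap with leftsubnet = {[str(n) for n in clash]}")
        # 10.1.2.0/24 is a constructed client subnet inside the internal range
        print("  client 10.1.2.0/24 accepted:",
              client_subnet_allowed("10.1.2.0/24", allowed, excluded))
```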




