[Openswan Users] WLAN IPsec implementation
Jacco de Leeuw
jacco2 at dds.nl
Fri May 13 11:43:24 CEST 2005
Zach wrote:
> Hello everyone, I’m having a difficult time setting up a VPN connection
> between my XP2/SP2 notebook and Ubuntu box running Openswan 2.3.1
> config setup
>
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=none
> plutodebug=all
Normally plutodebug=all is not needed. Most problems are simply due to
a configuration error.
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You need to exclude your internal subnet here. Add this:
... ,%v4:!192.168.2.0/24
Assuming that this is indeed your internal subnet. But I don't think this
is the cause of the problem. You are probably not doing NAT on your WLAN,
right?
> conn %default
> left=192.168.2.1
> leftsubnet=192.168.2.1/32
This leftsubnet= probably confuses the conn wireless.
Could you remove it?
> conn wireless
> leftprotoport=17/1701
> rightprotoport=17/1701
> pfs=no
> rekey=no
> right=%any
> rightsubnet=vhost:%no,%priv
> auto=add
rekey=no? Why is that?
> conn conntointernet
> leftsubnet=0.0.0.0/0
> also=wireless
This won't work with L2TP over IPsec. Once the packets are
delivered to the L2TP daemon, Openswan is not involved anymore.
So L2TP/PPP will have to do the forwarding to Internet.
Could you describe your setup with a diagram or something? Is your
Ubuntu box behind a firewall? Remember, no L2TP daemon should be
accessible from the Internet for obvious security reasons.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
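
An added example, not part of the original message or of Openswan: a small Python check that flags the two points raised in the reply above, a `virtual_private=` list that does not exclude the internal subnet and a `leftsubnet=` that ends up (directly, via `conn %default`, or via `also=`) on a conn restricted to L2TP with `leftprotoport=17/1701`. The sample config is constructed from the quoted settings, the internal subnet 192.168.2.0/24 is the reply's assumption, and the names `parse`, `effective` and `lint` are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the settings quoted in the thread.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn %default
    left=192.168.2.1
    leftsubnet=192.168.2.1/32
conn wireless
    leftprotoport=17/1701
    right=%any
conn conntointernet
    leftsubnet=0.0.0.0/0
    also=wireless
"""

def parse(text):
    """Return {header line: {key: value}} for each config/conn section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(("config ", "conn ")):
            current = sections.setdefault(" ".join(line.split()), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def effective(sections, header):
    """Simplified inheritance: %default, then the also= target, then own keys."""
    own = sections[header]
    merged = dict(sections.get("conn %default", {}))
    if "also" in own:
        merged.update(effective(sections, "conn " + own["also"]))
    merged.update(own)
    return merged

def lint(text, internal):
    """Flag the two issues raised in the reply (internal subnet is an assumption)."""
    sections, findings = parse(text), []
    inside = ipaddress.ip_network(internal)
    vp = sections.get("config setup", {}).get("virtual_private", "")
    excluded = [e.strip()[5:] for e in vp.split(",") if e.strip().startswith("%v4:!")]
    if not any(inside.subnet_of(ipaddress.ip_network(n)) for n in excluded):
        findings.append(f"virtual_private does not exclude {internal}")
    for header in sections:
        conn = effective(sections, header) if header.startswith("conn ") else {}
        if header != "conn %default" and conn.get("leftprotoport") == "17/1701" and "leftsubnet" in conn:
            findings.append(f"{header}: leftsubnet={conn['leftsubnet']} on an L2TP conn")
    return findings
```

Calling `lint(SAMPLE, "192.168.2.0/24")` reports the missing exclusion plus both conns; a config with the exclusion added and the `leftsubnet=` lines removed returns an empty list.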