[Openswan Users] Stuck with rekeying problem, initiated QM from Openswan
Norman Rasmussen
normanr at gmail.com
Sun May 22 01:44:28 CEST 2005
I'd bet quite a lot that this is related to the same issue I'm having:
http://bugs.xelerance.com/view.php?id=271
I'm not sure NAT is the issue; I'm pretty sure it's just WinXP SP2.
On 22/05/05, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> Steffen Becker wrote:
>
> > I would but I'm unable to patch IPCop myself in an appropriate way.....
> > Maybe someone knows how to do that?
>
> In that case it is probably better to leave it up to the IPCop people.
>
> I assume that you have used the following Howto?
> http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer
> In that case your ipsec.conf probably looks like this:
>
> conn RoadWarriorX509
>     left=xxx.xxx.xxx.xxx
>     leftnexthop=%defaultroute
>     leftprotoport=17/1701
>     leftcert=/var/ipcop/certs/hostcert.pem
>     right=%any
>     rightrsasigkey=%cert
>     rightprotoport=17/1701
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>     authby=rsasig
>     pfs=no
>     auto=add
>
> The DPD lines won't have any effect because Windows does not support
> IPsec Dead Peer Detection.
>
> I assume the root certificate has been created in /var/ipcop/ca/cacert.pem?
> Do you see Openswan pick it up? Did you have to copy it to
> /etc/ipsec.d/cacerts? What if you add rightca=%same?
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl
--
- Norman Rasmussen
- Email: norman at rasmussen.org
- Home page: http://norman.rasmussen.org/