[Openswan Users] Openswan, Windows XP/2000 and disconnects
Andrej Trobentar
andrej.trobentar at rikom.si
Tue Nov 29 16:32:53 CET 2005
Hello all,
Problem:
After internet connection loss on a roadwarrior client, he can connect to
the VPN server again, but can't ping the external IP of the VPN server
if he hasn't established a VPN connection.
Here's what I did on a Windows 2000 (all updates) machine connected
directly to the internet (NO NAT) with ras-pppoe for Windows 2000 :
1. test
- connect to my ISP with ras-pppoe *OK*
- connect to my VPN server with l2tp under Windows *OK*
- ping to the internal network behind VPN server *OK*
- disconnect from VPN by clicking on the disconnect button on Windows VPN
icon *OK*
- ping the external IP of the VPN server and received a reply *OK*
- reconnect to my VPN server *OK*
RESULT: everything OK
-----------------------------------------------------------------------
2. test
- connect to my ISP with ras-pppoe *OK*
- connect to my VPN server with l2tp under Windows *OK*
- ping to the internal network behind VPN server *OK*
- disconnect my ISP connection by clicking on the disconnect button on
Windows PPPoE icon -> after this the VPN icon disappeared as expected *OK*
- reconnect to my ISP with ras-pppoe *OK*
- ping the external IP of the VPN server and *didn't* receive a reply
*FAILED*
- reconnect to my VPN server with l2tp under Windows *OK*
- ping to the internal network behind VPN server *OK*
- disconnect from VPN by clicking on the disconnect button on Windows VPN
icon *OK*
- ping my external IP of the VPN server and didn't receive a reply
*FAILED*
RESULT: if you disconnect the pppoe connection you CAN reconnect to VPN
server with l2tp under Windows, but CAN'T ping the VPN server if you're
not connected to the VPN
-------------------------------------------------------------------------
After you do a "ipsec auto --down roadwarior-l2tpd" on the VPN server
you can ping the external IP of the VPN server again. Is this normal?
Using :
openswan 2.4.2dr5 (klips), kernel 2.4.31, RedHat 7.3, l2tpd-0.69-13jdl
My ipsec.conf is attached. The VPN server is connected directly to the
internet.
--
Greetings from Slovenia,
Andrej.
Attachment (ipsec.conf):

version 2.0
# Basic configuration
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24,%v4:!192.168.11.0/24,%v4:!192.168.15.0/24,%v4:!192.168.16.0/24

# Defaults inherited by every conn below
conn %default
    keyingtries=1
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    pfs=no

# Disable Opportunistic Encryption
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore

# RoadWarrior setup (MS Windows 2000/XP clients)
# - client can connect if he is behind NAT
# - client can connect if he has a direct connection to the internet (public IP; *no* NAT)
# - client can connect from anywhere as long as he has the right
#   certificate, username and password
conn roadwarior-l2tpd
    left=193.2.211.10
    leftnexthop=193.2.211.1
    leftprotoport=17/1701
    leftcert=rikom.sk-branik.si.pem
    right=%any
    rightprotoport=17/1701
    rightca="C=SI, ST=Slovenija, L=Maribor, O=Rikom d.o.o., CN=Rikom Root Certificate, Email=admin at rikom.si"
    rightsubnet=vhost:%no,%priv
    dpdaction=clear
    auto=add
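An added check, not part of the original post or of Openswan: a small Python linter for an ipsec.conf that flags every conn where dpdaction is set but dpddelay and dpdtimeout are not. It assumes, as the Openswan ipsec.conf documentation describes for 2.x (verify against your version), that DPD keepalives are only sent when both timers are configured, so dpdaction=clear on its own will not tear down an SA left behind by a client whose PPPoE link dropped; the config text below is a constructed excerpt, not the full attachment.

```python
import re

# Constructed excerpt: one conn like the attachment (dpdaction only)
# and one hypothetical conn with the timers set for comparison.
SAMPLE_CONF = """\
version 2.0
config setup
    interfaces="ipsec0=eth0"
conn %default
    keyingtries=1
    authby=rsasig
conn roadwarior-l2tpd
    left=193.2.211.10
    leftprotoport=17/1701
    right=%any
    rightsubnet=vhost:%no,%priv
    dpdaction=clear
    auto=add
conn dpd-ok
    dpdaction=clear
    dpddelay=30
    dpdtimeout=120
    auto=add
"""

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")
KEYVAL_RE = re.compile(r"^([A-Za-z_]+)\s*=\s*(.*?)\s*$")

def parse_ipsec_conf(text):
    """Return {(kind, name): {key: value}} for each config/conn section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:                      # section headers start at column 0
            current = (m.group(1), m.group(2))
            sections.setdefault(current, {})
            continue
        m = KEYVAL_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip('"')
    return sections

def dpd_findings(sections):
    """Map conn name -> note for conns whose DPD cannot actually fire."""
    defaults = sections.get(("conn", "%default"), {})
    findings = {}
    for (kind, name), opts in sections.items():
        if kind != "conn" or name == "%default":
            continue
        eff = {**defaults, **opts}     # conn values override %default
        if "dpdaction" in eff and not {"dpddelay", "dpdtimeout"} <= eff.keys():
            findings[name] = "dpdaction=%s without dpddelay/dpdtimeout" % eff["dpdaction"]
    return findings

if __name__ == "__main__":
    for conn, note in dpd_findings(parse_ipsec_conf(SAMPLE_CONF)).items():
        print(conn, "->", note)
```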