[Openswan Users] Strange Problem with L2TP/IPSec
Jacco de Leeuw
jacco2 at dds.nl
Fri Sep 2 01:02:03 CEST 2005
Ravi Verma wrote:
> I am having a strange problem. I have an Openswan setup for VPN connection
> for L2TP/IPSec and Openswan-Openswan connection.
>
> "roadwarrior-l2tp"[5] XXX.225.241.XXX #15: STATE_MAIN_R3: sent MR3,
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
I would recommend certificates, especially if your clients are behind NAT.
> Sep 1 13:55:11 lb pluto[4366]: "roadwarrior-l2tp"[5] 205.225.241.126 #15:
> Virtual IP XXX.225.241.XXX/32 is already used by '@ravi.telecommand.com'
Paul mentioned a number of possible causes. Here's another one that I can think of:
two clients are behind different NAT routers but both happen to have
the exact same IP address (many NAT routers use the same default subnets
for DHCP, e.g. 192.168.1.x).
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You need to exclude the VPN router's internal subnets, e.g.
... ,%v4:!10.4.0.0/16,%v4:!10.2.0.0/16
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
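
Added example, not part of the original message and not Openswan code: a small Python check that models the include/exclude form of `virtual_private` discussed above and reports gateway-side subnets that still lack a `%v4:!` exclusion. The function names and the constructed sample values (the two strings and the `LOCAL` list, built from the subnets quoted in the message) are assumptions for illustration.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        family, _, net = item.strip().partition(":")
        if family != "%v4" or not net:
            continue  # this sketch only handles %v4 entries
        if net.startswith("!"):
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded

def unexcluded_local_subnets(value, local_subnets):
    """Local subnets that fall in an allowed range with no covering exclusion."""
    allowed, excluded = parse_virtual_private(value)
    missing = []
    for subnet in local_subnets:
        net = ipaddress.ip_network(subnet)
        overlaps = any(net.overlaps(a) for a in allowed)
        covered = any(net.subnet_of(e) for e in excluded)
        if overlaps and not covered:
            missing.append(subnet)
    return missing

def client_ip_accepted(value, client_ip):
    """True if a NATed client's inner address is allowed and not excluded."""
    allowed, excluded = parse_virtual_private(value)
    ip = ipaddress.ip_address(client_ip)
    return any(ip in a for a in allowed) and not any(ip in e for e in excluded)

# Constructed sample values based on the lines quoted in the message.
BASE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
FIXED = BASE + ",%v4:!10.4.0.0/16,%v4:!10.2.0.0/16"
LOCAL = ["10.4.0.0/16", "10.2.0.0/16"]  # assumed internal subnets of the VPN router

if __name__ == "__main__":
    print("missing exclusions (before):", unexcluded_local_subnets(BASE, LOCAL))
    print("missing exclusions (after): ", unexcluded_local_subnets(FIXED, LOCAL))
    print("192.168.1.10 accepted:", client_ip_accepted(FIXED, "192.168.1.10"))
    print("10.4.3.7 accepted:    ", client_ip_accepted(FIXED, "10.4.3.7"))
```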