[Openswan Users] Strange Problem with L2TP/IPSec

Ravi Verma ravi.verma at telecommand.com
Thu Sep 1 16:23:43 CEST 2005


I tried after excluding the destination subnets in the ipsec.conf file, and
it had no effect on the problem.

Regarding use of certificates, the machine ravi.telecommand.com is indeed
using authby=rsasig to access the VPN server and the machine using
L2TP/IPSec is complaining about ravi.telecommand.com using the virtual IP
address.

Unfortunately L2TP/IPSec seems to be the most convenient option for
Windows XP clients.

On Thu, September 1, 2005 3:02 pm, Jacco de Leeuw said:
> Ravi Verma wrote:
>
>> I am having a strange problem. I have an Openswan setup for VPN
>> connection
>> for L2TP/IPSec and Openswan-Openswan connection.
>>
>>  "roadwarrior-l2tp"[5] XXX.225.241.XXX #15: STATE_MAIN_R3: sent MR3,
>> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
>> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
>
> I would recommend certificates, especially if your clients are behind NAT.
>
>> Sep  1 13:55:11 lb pluto[4366]: "roadwarrior-l2tp"[5] 205.225.241.126
>> #15:
>> Virtual IP XXX.225.241.XXX/32 is already used by '@ravi.telecommand.com'
>
> Paul mentioned a number of possible causes. Here's another one that I can
> think of:
> two clients are behind different NAT routers but both happen to have the
> exact same IP address (many NAT routers use the same default subnets
> for DHCP, e.g. 192.168.1.x).
>
>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> You need to exclude the VPN router's internal subnets, e.g.
>
>   ... ,%v4:!10.4.0.0/16,%v4:!10.2.0.0/16
>
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl


--
Kind regards.

Ravi Verma
Chief Executive Officer
Telecommand Software and Services
2210 Plaza Drive, Ste 150
Rocklin, CA 95765
Phone: 9167053261, 866-220-RAVI (Toll-free)
Fax: 9169142008
www.telecommand.com
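
The two checks discussed in this thread, as an added example that is not part of the original messages: it evaluates client inner addresses against a `virtual_private` value with `!` exclusions and flags two peers claiming the same virtual IP. The include/exclude evaluation is a simplified model assumed here, and the peer names and addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed value: the thread's virtual_private line plus the example exclusions.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
                   "%v4:!10.4.0.0/16,%v4:!10.2.0.0/16")

# Constructed sample: (peer id, inner address the peer proposes behind its NAT).
CLAIMS = [("client-a", "192.168.1.100"), ("client-b", "192.168.1.100"),
          ("client-c", "10.4.0.5"), ("client-d", "172.16.9.2")]

def parse_virtual_private(value):
    """Split a virtual_private string into (allowed, excluded) network lists."""
    allowed, excluded = [], []
    for item in filter(None, (p.strip() for p in value.split(","))):
        family, sep, net = item.partition(":")
        if sep != ":" or family not in ("%v4", "%v6"):
            raise ValueError(f"unrecognised entry: {item!r}")
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def acceptable(addr, allowed, excluded):
    """Assumed model: an address passes if it is in an allowed net and in no excluded net."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in allowed)

def find_collisions(claims):
    """Return {address: [peers]} for every inner address claimed by more than one peer."""
    by_ip = defaultdict(list)
    for peer, addr in claims:
        by_ip[addr].append(peer)
    return {ip: peers for ip, peers in by_ip.items() if len(peers) > 1}

def audit(claims=CLAIMS, value=VIRTUAL_PRIVATE):
    """Return (peers whose address would be refused, colliding addresses)."""
    allowed, excluded = parse_virtual_private(value)
    rejected = [p for p, a in claims if not acceptable(a, allowed, excluded)]
    return rejected, find_collisions(claims)

if __name__ == "__main__":
    rejected, collisions = audit()
    print("refused by virtual_private:", rejected)
    print("same virtual IP claimed by:", collisions)
```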