[Openswan Users] Problem with L2TP / Transport mode
Jacco de Leeuw
jacco2 at dds.nl
Thu Sep 15 16:20:16 CEST 2005
Mark van Proctor wrote:
> I'm having trouble getting Openswan to communicate with a Windows XP SP2
> client (not NATed). I can get it to connect using just an IPSec
> connection (ipsec.exe over a standard tunnel connection), however it can
> not connect using Windows' L2TP/IPSec connection (over a transport
> connection).
If you have been using the ipsec.exe tool and you want to switch back to
L2TP/IPsec, you have to re-enable the automatic L2TP/IPsec policy
(ProhibitIpSec in the registry). See also:
http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#Installation
> I have tested using the Windows L2TP/IPSec VPN Client to connect to a
> transport connection set up as follows:
>
> conn l2tp
>     type=transport
>     left=<external IP>
>     leftcert=<PEM file>
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
>     pfs=no
>     auto=add
Unlike the ipsec.exe tool, the L2TP/IPsec policy does not know
exactly which certificate to use if there are multiple ones installed.
So add rightcert=<PEM file> or rightca=%same.
> Basically, I am logging and allowing all the traffic that comes through
> using the following IPtables scripts:
Well, to rule out problems with the firewall you could disable it temporarily
and see if things suddenly work.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck
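
The certificate hint suggested in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Openswan: a small parser for ipsec.conf-style text that flags L2TP transport conns using leftcert without rightcert or rightca. The address, the PEM file name and the function names are assumptions made up for the sample.

```python
# Constructed sample: the conn from the question with made-up placeholder values.
SAMPLE = """\
conn l2tp
    type=transport
    left=192.0.2.1
    leftcert=gateway.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    pfs=no
    auto=add
"""
# Same conn with the suggested rightca=%same line added.
FIXED = SAMPLE.replace("right=%any", "right=%any\n    rightca=%same")

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def l2tp_conns_without_peer_cert_hint(text):
    """L2TP transport conns that use leftcert but set no rightcert/rightca."""
    flagged = []
    for name, opts in parse_conns(text).items():
        ports = (opts.get("leftprotoport"), opts.get("rightprotoport"))
        is_l2tp = opts.get("type") == "transport" and "17/1701" in ports
        if is_l2tp and "leftcert" in opts and not opts.keys() & {"rightcert", "rightca"}:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE), ("with rightca", FIXED)):
        print(label, "->", l2tp_conns_without_peer_cert_hint(conf) or "ok")
```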