[Openswan Users] stuck at Negotiating IP Security.

Paul Wouters paul at xelerance.com
Fri Sep 16 00:45:08 CEST 2005


On Thu, 15 Sep 2005, darkrealm wrote:

> 	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16%v4:192.168.2.0/16

The "16%v4" seems mangled and missing a comma. That causes the line to be
rejected, and NAT-T to fail.

> conn roadwarrior-l2tp
> 	pfs=no
> 	leftprotoport=17/0
> 	rightprotoport=17/1701
> 	also=roadwarrior

use leftprotoport=17/%any

> conn roadwarrior-l2tp-updatedwin

and then you don't need that one.

> conn roadwarrior
> 	left=%defaultroute
> 	leftcert=darkrealm.pem
> 	right=%any
> 	rightsubnet=vhost:%no,%priv
> 	auto=add
> 	pfs=yes

don't mix X509 and L2TP right away. First confirm that they work
separately by disabling one of them using auto=ignore, and only
when both work separately, try to see how it works if you combine
them. I've seen problems with this and I'm not convinced this can
work at all.

Since you didn't post logs of either the Windows or Openswan side,
I cannot say more.

Paul
-- 

"Happiness is never grand"

 	--- Mustapha Mond, World Controller (Brave New World)
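An added example, not code from Paul, darkrealm, or the Openswan project, that mechanically checks the kind of typo Paul points out in the virtual_private= line: it pulls the value out of the "config setup" section, splits it on commas, and rejects an entry where a second "%v4:" is glued onto the previous CIDR. The two ipsec.conf fragments are constructed for the example (the first carries the quoted mangled line, the second the same line with the comma restored); the entry format "%v4:"/"%v6:" with an optional "!" exclusion prefix is assumed from Openswan's NAT-T documentation.

```python
import ipaddress
import re

# Constructed sample ipsec.conf fragments (not the poster's full file).
# The first carries the virtual_private line quoted in the thread, where
# "16%v4" shows two entries run together without a comma.
MANGLED_CONF = """\
config setup
\tnat_traversal=yes
\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16%v4:192.168.2.0/16
"""

FIXED_CONF = """\
config setup
\tnat_traversal=yes
\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16
"""

# One virtual_private entry: address family, optional '!' exclusion, CIDR
# (format assumed from the Openswan NAT-T documentation).
ENTRY_RE = re.compile(r"^%v(?P<fam>[46]):(?P<neg>!?)(?P<cidr>.*)$")


def parse_setup(conf):
    """Return the key=value pairs of the 'config setup' section as a dict."""
    values = {}
    in_setup = False
    for line in conf.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("config setup"):
            in_setup = True
            continue
        if stripped.startswith(("config ", "conn ")):
            in_setup = False
            continue
        if in_setup and "=" in stripped:
            key, _, val = stripped.partition("=")
            values[key.strip()] = val.strip()
    return values


def check_virtual_private(value):
    """Validate a virtual_private value; return a list of problems (empty if OK)."""
    problems = []
    for raw in value.split(","):
        entry = raw.strip()
        m = ENTRY_RE.match(entry)
        if not m:
            problems.append(f"{entry!r}: expected %v4:<cidr> or %v6:<cidr>")
            continue
        cidr = m.group("cidr")
        # A '%' inside the CIDR part means the next entry was glued on,
        # i.e. the comma between two entries is missing.
        if "%" in cidr:
            problems.append(f"{entry!r}: two entries run together, missing comma")
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"{entry!r}: {cidr!r} is not a valid network")
            continue
        if str(net.version) != m.group("fam"):
            problems.append(
                f"{entry!r}: %v{m.group('fam')} entry holds an IPv{net.version} network"
            )
    return problems


def check_conf(conf):
    """Return the problems found in the virtual_private= of `conf`'s config setup."""
    setup = parse_setup(conf)
    if "virtual_private" not in setup:
        # rightsubnet=vhost:%no,%priv only works with a virtual_private= set
        return ["no virtual_private= in config setup (needed for %priv clients)"]
    return check_virtual_private(setup["virtual_private"])


if __name__ == "__main__":
    for name, conf in (("mangled", MANGLED_CONF), ("fixed", FIXED_CONF)):
        problems = check_conf(conf)
        print(name, "->", "OK" if not problems else "; ".join(problems))
```

Run it against the real /etc/ipsec.conf by reading the file into check_conf(); an empty list means every entry parsed as a standalone %v4:/%v6: network, which is the condition Openswan needs before NAT-T clients can be matched against %priv.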

