[Openswan Users] Shaky VPN connections
Jacco de Leeuw
jacco2 at dds.nl
Wed Apr 12 18:36:48 CEST 2006
Xunhua Wang wrote:
> From a MS Windows 2000/XP client, we can connect to the VPN
> server using IPsec/L2TP combination.
>
> Our problem is that the VPN connections are pretty shaky and
> are dropped from time to time.
> Apr 11 19:47:27 localhost pppd[4144]: LCP terminated by peer
> (g5 ^]^@<M-Mt^@^@^@^@)
> Apr 11 19:47:27 localhost pluto [2900]: "roadwarrior-l2tp"[3]
> 134.126.34.71 #4: received Delete SA payload: deleting
The Windows client is hanging up. Did you check its log files?
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Windowsdebug
> Linux Openswan U2.3.0
Might be a tad old.
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You're using Nate Carlson's config which is incorrect on some points.
You need to exclude your internal subnet(s). See the sample files
in openswan-2.4.5/programs/examples
> conn roadwarrior-l2tp
> leftprotoport=17/0
> rightprotoport=17/1701
> also=roadwarrior
Probably wise to drop support for non-updated Windows clients
and remove this.
> conn roadwarrior
> left=%defaultroute
> leftcert=ipsec-server.crt
> right=%any
> rightsubnet=vhost:%no,%priv
> pfs=no
> auto=add
I'd recommend adding rekey=no and rightca=%same
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list