[Openswan Users] ipsec/l2tp Windows (yes again)
Paul Wouters
paul at xelerance.com
Tue Apr 25 07:26:08 CEST 2006
On Mon, 24 Apr 2006, Trevor Benson wrote:
> but not for about 10 months. I just rebuilt the latest fedora kernel of
> 2.6.15.10 and openswan 2.4.5 with klips (patched the kernel for natt as
> well). I have already used this certificate and connection string for
> non l2tp sessions, so I know the certificate is accepted with linsys
> ipsec client and this gateway before attempting l2tp with it.
Ok.
> conn tbenson
>     leftcert=office1.ct.vpn.cleartunnel.net.cert
>     leftrsasigkey=%cert
>     leftprotoport=17/1701
>     rightprotoport=17/1701
>     right=64.142.7.188
>     rightnexthop=%defaultroute
>     rightca=%same
>     rightid="C=US, ST=California, L=Santa Rosa, O=Mumble, CN=tbenson.vpn.Mumble.net, E=ca-admin at Mumble.net"
>     rightrsasigkey=%cert
>     authby=rsasig
>     auto=add
For nat-t, there is no rightsubnet=vhost:%priv,%no
If you add that, and it still does not work, try adding type=transport.
If it then still fails, double check Windows is doing X.509 and not
PreSharedKey.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
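
The first two suggestions in the reply above, applied to the quoted conn. This is an added example, not part of the original message; the `config setup` section and its address ranges are assumptions about the rest of the file, which the thread does not show.

```conf
# Assumed, not from the thread: NAT-T enabled, and the private ranges that
# vhost:%priv is allowed to match. rightsubnet=vhost:%priv only accepts
# client addresses that fall inside virtual_private.
config setup
    nat_traversal=yes
    # RFC 1918 ranges a client may sit in behind NAT. The range used on the
    # gateway's own LAN should be excluded with a %v4:!<net> entry; none is
    # given here because the thread does not name that network.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn tbenson
    # Unchanged lines from the quoted configuration
    # (the e-mail address in rightid is shown as the archive obfuscates it)
    leftcert=office1.ct.vpn.cleartunnel.net.cert
    leftrsasigkey=%cert
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=64.142.7.188
    rightnexthop=%defaultroute
    rightca=%same
    rightid="C=US, ST=California, L=Santa Rosa, O=Mumble, CN=tbenson.vpn.Mumble.net, E=ca-admin at Mumble.net"
    rightrsasigkey=%cert
    authby=rsasig
    # Step 1 from the reply: accept the client whether it is behind NAT with
    # a private address (%priv) or not behind NAT at all (%no)
    rightsubnet=vhost:%priv,%no
    # Step 2 from the reply, to try if step 1 alone does not work:
    # L2TP/IPsec protects only UDP 1701 between the two hosts
    type=transport
    auto=add
```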