[Openswan Users] ipsec/l2tp Windows (yes again)

Jacco de Leeuw jacco2 at dds.nl
Tue Apr 25 15:52:33 CEST 2006


Trevor Benson wrote:

> conn %default
>         left=64.142.mumble1.mumble2
>         leftnexthop=%defaultroute
>         leftsubnet=192.168.mumble3.0/24
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=hold
>         authby=secret
>         auto=start
>         keyingtries=0
>         disablearrivalcheck=no

leftsubnet, auto=start and keyingtries=0 are not good defaults for
L2TP/IPsec connections. Leftsubnet is not required (the L2TP part
provides the access to the internal subnet) and you should use
auto=add and keyingtries=<nonzero>.

dpddelay, dpdtimeout and dpdaction are fine but Windows/Mac clients
ignore them because they currently do not support DPD. (Perhaps
they use PPP LCP Echo for detecting dead peers, I don't know).

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
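
An added example, not part of the original message: a small Python check that parses ipsec.conf-style `conn` sections and flags the three settings the reply above calls poor defaults for L2TP/IPsec. The function names are hypothetical, and the sample is the quoted section with its masked address fields replaced by constructed placeholder values.

```python
import re

# Constructed sample: the quoted "conn %default" from the message, with the
# masked address fields replaced by documentation-range placeholders.
SAMPLE = """\
conn %default
        left=192.0.2.10
        leftnexthop=%defaultroute
        leftsubnet=192.168.1.0/24
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold
        authby=secret
        auto=start
        keyingtries=0
        disablearrivalcheck=no
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def lint_l2tp(text):
    """Flag the settings the reply calls poor L2TP/IPsec defaults."""
    findings = []
    for name, opts in parse_conns(text).items():
        if "leftsubnet" in opts:
            findings.append((name, "leftsubnet", "not required; L2TP provides subnet access"))
        if opts.get("auto") == "start":
            findings.append((name, "auto", "use auto=add"))
        if opts.get("keyingtries") == "0":
            findings.append((name, "keyingtries", "use a nonzero value"))
    return findings

if __name__ == "__main__":
    for conn, key, advice in lint_l2tp(SAMPLE):
        print(f"conn {conn}: {key}: {advice}")
```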

