[Openswan Users] ipsec/l2tp Windows (yes again)
Jacco de Leeuw
jacco2 at dds.nl
Tue Apr 25 15:52:33 CEST 2006
Trevor Benson wrote:
> conn %default
> left=64.142.mumble1.mumble2
> leftnexthop=%defaultroute
> leftsubnet=192.168.mumble3.0/24
> dpddelay=30
> dpdtimeout=120
> dpdaction=hold
> authby=secret
> auto=start
> keyingtries=0
> disablearrivalcheck=no
leftsubnet, auto=start and keyingtries=0 are not good defaults for
L2TP/IPsec connections. Leftsubnet is not required (the L2TP part
provides the access to the internal subnet) and you should use
auto=add and keyingtries=<nonzero>.
dpddelay, dpdtimeout and dpdaction are fine but Windows/Mac clients
ignore them because they currently do not support DPD. (Perhaps
they use PPP LCP Echo for detecting dead peers, I don't know).
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
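
Added example (not part of the original message, and not Openswan code): a small Python check that applies the three points from the reply above to an ipsec.conf, including values inherited from conn %default. The sample config, addresses, conn names and the function names parse_conns and lint_l2tp are constructed for illustration.

```python
import re

# Constructed sample: %default mirrors the quoted config (addresses are placeholders);
# the conn names and the second conn's overrides are hypothetical.
SAMPLE = """\
conn %default
    left=192.0.2.1
    leftsubnet=192.168.1.0/24
    auto=start
    keyingtries=0

conn l2tp-inherit
    right=%any

conn l2tp-override
    right=%any
    auto=add
    keyingtries=3
"""

def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section header at column 0
            m = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_l2tp(text, conn):
    """Findings for one conn after applying conn %default.
    Simplification: %default applies regardless of order; also= is not followed."""
    conns = parse_conns(text)
    eff = {**conns.get("%default", {}), **conns[conn]}
    findings = []
    if "leftsubnet" in eff:
        findings.append(("leftsubnet", "not required for L2TP/IPsec"))
    if eff.get("auto") == "start":
        findings.append(("auto", "use auto=add"))
    if eff.get("keyingtries") == "0":
        findings.append(("keyingtries", "use a nonzero value"))
    return findings

if __name__ == "__main__":
    for name in ("l2tp-inherit", "l2tp-override"):
        print(name, lint_l2tp(SAMPLE, name))
```

The second conn overrides auto and keyingtries but is still flagged for leftsubnet, because a value set in conn %default is inherited by every conn that does not override it.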