[Openswan Users] Re-4: VPN starts but fails two minutes later

Paul Wouters paul at xelerance.com
Tue Aug 22 14:30:09 EDT 2006

On Tue, 22 Aug 2006, Ludovic MARCILLY wrote:

> > you only showed /var/log/messages. but most of openswan logs in
> > /var/log/secure (or /var/log/auth.log)
> >
> I don't have /var/log/secure or /var/log/auth.log on my machine.
> I paste the logs when it begin to disconnect. Do you want the logs when the VPN is created?

Yes, to find out any potential failure or success, we would need to see the
logs that detail the failure or success.

> > openswan-1 will not work properly for use with l2tp. It is too old and
> > missing a bunch of fixes/workarounds.
> Do you want to say that i can't create L2TP IpSec VPN with openswan 1.0.7 ?

I am saying that at Xelerance, we have never tried to use IPsec transport
mode with l2tp for Windows with openswan-1. I know for sure we added
work arounds for various bugs, so I'm pretty sure it will not work.

> I don't want to upgrade openswan because they are patches to apply to kernel and it is not possible to update kernel for the moment...

You would not need to update the kernel. You would just need to upgrade KLIPS in the
kernel and upgrade to the openswan-2 userland. But if you cannot do that, then it
is extremely likely l2tp will not work.


More information about the Users mailing list