[Openswan Users]

[Jacco de Leeuw]

Meron Lavie wrote:

> Could you please confirm that all the ipsec.conf settings were
> correct regarding which IP address gets put where?

Looks OK, as far as I could see.

I would suggest changing the "conn L2TP-PSK-INTERNAL" though,
because currently both left= and right= are on the same internal
network. If you move one of your internal Windows clients to the
10.0.0.0/24 network (for testing purposes) you can comment out
the  "conn L2TP-PSK-INTERNAL". The server will not have to use
NAT then, so the connection should work.

> Also, I just noticed that I used Openswan 2.4.4, because that
> was the latest bin RPM (I am a bit of a newbie and avoid 
> compilations if I can).

That's actually a good strategy. Start with the common case,
get quick results and then gradually add complexity.

> After re-reading your HOWTO, I notice that NAT-ting requires
> 2.4.5. Do I understand that correctly?

If the server is NATed, yes. Alternatively, you can get FC5's
Openswan 2.4.4 SRPM and add the patch for NATed servers yourself.

> This is a known problem. I don't know exactly what is going on:
> [ML] Please accept my apologies for this glaring RTFM. Ik ben 
> niet zo knap - vraag mijn vorige echtgenote...

Hm, better not get former wifes involved. Always add complexity
later :-).

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl