[Openswan Users] Window XP <-> Debian

Jacco de Leeuw jacco2 at dds.nl
Sun Jul 23 12:35:31 CEST 2006


Brian Sheets wrote:

> I am running debian vmlinuz-2.6.8-2-386, with openswan 1:2.2.0-8, l2tpd
> 0.70-pre20031121-2 as the openswan box
> 
> Windows XP SP2, using windows vpn client
> 
> 192.168.23.x  (x:1 NAT) <-> netscreen 5gt <-> internet <-> debian box
> <-> 10.x.x.x (1:1 NAT)

The XP client is located behind the Netscreen, right?

> config setup
>      interfaces=%defaultroute
>      nat_traversal=yes

If the Netscreen is doing NAT, you need to add:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.0.0.0/24
(assuming that your 10.x.x.x is 10.0.0.0/24; if it isn't, you've got
a very large network behind the Debian box).

>      right=%any
>      rightrsasigkey=%cert
>      rightprotoport=17/1701

rightsubnet=vhost:%no,%priv

> I am logging in as two separate users, but I am using the same cert.

I don't think that's a good idea. Can you make two separate client
certs?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
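
An added example, not part of the original message and not Openswan's own code: a small Python model of how the virtual_private= list suggested above is evaluated for a client matched by vhost:%priv. The client's NATed address must fall inside an allowed network and outside every "!" exclusion. The function names and the sample client addresses are constructed for illustration, and 10.0.0.0/24 is the LAN behind the Debian box as assumed in the reply.

```python
import ipaddress

# The value suggested in the reply above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
                   "%v4:192.168.0.0/16,%v4:!10.0.0.0/24")


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        family, sep, net = item.strip().partition(":")
        if not sep or family not in ("%v4", "%v6"):
            raise ValueError(f"unrecognised entry: {item!r}")
        network = ipaddress.ip_network(net.lstrip("!"), strict=True)
        if network.version != int(family[2]):
            raise ValueError(f"address family mismatch: {item!r}")
        # A leading "!" marks a network clients must NOT claim,
        # typically the LAN behind the gateway itself.
        (excluded if net.startswith("!") else allowed).append(network)
    return allowed, excluded


def priv_accepts(client_net, value=VIRTUAL_PRIVATE):
    """True if a NATed client's internal address passes the %priv check."""
    allowed, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_net, strict=False)

    def inside(nets):
        return any(n.version == net.version and net.subnet_of(n)
                   for n in nets)

    return inside(allowed) and not inside(excluded)


if __name__ == "__main__":
    # Constructed sample clients: (internal address, description)
    samples = [
        ("192.168.23.10/32", "XP client behind the Netscreen"),
        ("10.1.2.3/32", "client on some other 10.x network"),
        ("10.0.0.5/32", "client claiming an address on the gateway's LAN"),
        ("203.0.113.7/32", "public address, not a %priv case"),
    ]
    for addr, note in samples:
        verdict = "accept" if priv_accepts(addr) else "reject"
        print(f"{addr:18} {verdict:7} {note}")
```

A client with a public address is rejected by the %priv check here; that case is what the %no half of vhost:%no,%priv covers.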


