[Openswan Users] Creating Win XP vpn connection

Brian Candler B.Candler at pobox.com
Wed May 17 21:04:10 CEST 2006


On Wed, May 17, 2006 at 02:50:52PM +0000, peters at exemplar-associates.com wrote:
> From XP I can start the connection using the built-in tool.
> When I open the status panel from the windows start menu tray
> and view the Details panel it show the following:
> 
> DeviceName.....WAN miniport (PPTP)
                               ^^^^
> Device type....vpn
> Server type....PPP
> Transports.....TCP/IP
> Authentication.MS CHAP V2
> Encryption.....MPPE 128
                 ^^^^^^^^
> Compression....(none)
> PPP multilink framing.Off
> Server IP address.....192.168.0.13
> Client IP address.....192.168.0.1

A couple of problems there.

(1) You're much better using L2TP than PPTP. I'm not sure if PPTP over IPSEC
is supported at all by Windows (and if you want to run PPTP without IPSEC,
then you're asking on the wrong mailing list). Under connection properties,
look in the 'Networking' tab for the type of VPN server, and set it to L2TP
over IPSEC.

(2) You should have encryption turned *off* (under 'Security' tab). Yes this
is counter-intuitive, but if you're using L2TP over IPSEC, you turn off PPP
encryption, because encryption is taken care of by the IPSEC layer.

You can find good step-by-step instructions here:
http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#PSK

Then of course you need an l2tp daemon (e.g. xl2tpd, rp-l2tpd), not a pptp
daemon, on your server.

Regards,

Brian.


More information about the Users mailing list