[Openswan Users] need some help with openswan / l2tpd

Paul Wouters paul at xelerance.com
Tue Nov 21 12:45:55 EST 2006


On Tue, 21 Nov 2006, Peter McGill wrote:

> > I'd like to configure ipsec with an l2tpd authentication. I already have a fonctionnal connection
> > at my work (using the win xp pro sp2 vpn l2tp client).
>
> I have almost the same setup, although I don't have NAT-T enabled on mine.
> I just got mine working yesterday, so I'm no expert, but it works.
>
> >        type=transport
> I don't have this line in my conn, are you sure you need it.

Yes you do on 2.4.7. It happened to work on older openswan's without it
(and in fact on older ones you couldn't use it in combination with the
nat-t rightsubnet= line.

> The default is type=tunnel, which is what I'm using without the line.

No, you're using transport mode, you just don't know it :)

> > Nov 21 17:42:48 sd-5193 pluto[25394]: "roadwarriorxp"[4] 82.236.77.42:11559 #4: NAT-Traversal: Transport mode disabled due to
> > security concerns

That openswan was compiled without USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
Edit in Makefile.inc and recompile.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list