[Openswan Users] openswan + l2tpd + iptables problem
Paul Wouters
paul at xelerance.com
Wed Oct 4 14:56:00 EDT 2006
On Wed, 4 Oct 2006, mechanix at debian.org wrote:
> Classic mistake... forgot to attach the log.
> Oct 5 02:00:15 scotos pluto[622]: "roadwarrior-l2tp"[9] RW.IP.ADDR.ESS #20: responding to Main Mode from unknown peer RW.IP.ADDR.ESS
> Oct 5 02:00:15 scotos pluto[622]: "roadwarrior-l2tp"[9] RW.IP.ADDR.ESS #20: transition from state STATE_MAIN_R0 to state
Your l2tp/ipsec server needs rekey=no. You cannot rekey to roadwarriors (e.g. if
they're behind NAT or show up somewhere else).

Check the example files for l2tp configurations in /etc/ipsec.d/examples/

Try avoiding rightprotoport=17/%any. Just refuse to connect with unpatched
Windows machines, so you can use one single conn with 17/1701.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
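
The two settings recommended in the reply above, turned into a check over ipsec.conf text. This is an added example, not part of the original message or of Openswan; the conn names and sample configuration are constructed, and it assumes rekey is treated as yes when unset.

```python
import re

# Constructed sample ipsec.conf text (not from the thread).
SAMPLE = """\
conn roadwarrior-l2tp
    type=transport
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

conn l2tp-fixed
    type=transport
    rekey=no
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text (also= is not followed)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or another section type
    return conns

def audit_l2tp(text):
    """Flag L2TP conns (protoport 17/...) that miss rekey=no or use 17/%any."""
    findings = []
    for name, opts in parse_conns(text).items():
        ports = (opts.get("leftprotoport", ""), opts.get("rightprotoport", ""))
        if not any(p.startswith("17/") for p in ports):
            continue  # not an L2TP/IPsec conn
        if opts.get("rekey", "yes").lower() != "no":
            findings.append((name, "rekey=no is not set"))
        if opts.get("rightprotoport") == "17/%any":
            findings.append((name, "rightprotoport=17/%any; use 17/1701"))
    return findings

if __name__ == "__main__":
    print(audit_l2tp(SAMPLE))
```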