[Openswan Users] win-xp (sp2) with nat-t not working with dsl

Gbenga stjames08 at yahoo.co.uk
Mon Oct 23 06:01:59 EDT 2006 

Hi list,

I hope someone will be able to help with this problem. I have configured a openswan 2.4.5 with nat-t. This works well at my office connection (using leased line), but I cannot connect from dsl line from home. The IPSec SA actually established but the l2tpd did not respond. On standard dial up, this work.

The same problem is defined by this list item: http://thread.gmane.org/gmane.network.openswan.user/988/focus=1001. Did anyone find a solution to it?

I will appreciate any help.

My ipsec.conf below:

# Specify the version of Openswan we are running

version 2

# Global configuration section:
config setup
        nat_traversal=yes
        interfaces="ipsec0=eth1"
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.10.0.0/16

# General connection section:
conn %default
        authby=secret|rsasig
        keyingtries=1

conn l2tp-syseng
        left=10.10.1.57
        leftsubnet=10.10.1.57/32
        leftnexthop=10.10.1.240
        leftcert=syseng.pem
        leftrsasigkey=%cert
        leftprotoport=17/1701
        rightprotoport=17/%any
        rightrsasigkey=%cert
        right=%any
        pfs=no
        rightsubnet=vhost:%no,%priv
        auto=add
        compress=yes
        disablearrivalcheck=no
        type=tunnel
        rightca=%same

/var/log/auth.log:

Oct 23 10:56:39 aparo pluto[9487]: | NAT-T: new mapping 193.120.10.164:500/4500)
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #2: responding to Quick Mode {msgid:c004b813}
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 23 10:56:39 aparo pluto[9487]: "l2tp-syseng"[2] 193.120.10.164 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xe14570c2 <0x631d6c4b xfrm=3DES_0-HMAC_MD5 NATD=193.120.10.164:4500 DPD=none}


Rgds,
Gbenga






		
___________________________________________________________ 
Try the all-new Yahoo! Mail. "The New Version is radically easier to use" – The Wall Street Journal 
http://uk.docs.yahoo.com/nowyoucan.html

More information about the Users mailing list