[Openswan Users] win-xp (sp2) with nat-t not working with dsl
Paul Wouters
paul at xelerance.com
Mon Oct 23 11:39:25 EDT 2006
On Mon, 23 Oct 2006, Gbenga wrote:
> Ok, I see this is a bug that is under consideration. Is the fix going into the 2.4.7 release?
>
> http://bugs.xelerance.com/view.php?id=541&nbn=4
That is a resolved bug. There is no fix for fragmentation. Try setting your
external mtu on the vpn server to 1472 or 1450.
> conn %default
> authby=secret|rsasig
I would just set this to rsasig, esp. since you are using certificates.
>
> conn l2tp-syseng
> left=10.10.1.57
> leftsubnet=10.10.1.57/32
You should not be setting subnet options, since l2tp is a transport mode
host-host connection (with the exception of the rightsubnet to support
NAT-T).
> rightsubnet=vhost:%no,%priv
So that's ok.
> compress=yes
> disablearrivalcheck=no
> type=tunnel
That is wrong for l2tp. It must be transport mode. If your openswan then
complains about the rightsubnet, comment out the type line completely.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
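An added example, not part of the original message and not Openswan code: a small Python check that applies the three review points from the reply above (authby, leftsubnet, type) to an ipsec.conf fragment. The sample config is reassembled from the lines quoted in the message; its indentation and the function names `parse_conns` and `lint_l2tp_conn` are assumptions made for illustration.

```python
# Added example: lint an Openswan conn meant for L2TP/IPsec against the
# review points in the reply. SAMPLE is constructed from the quoted config.
SAMPLE = """\
conn %default
    authby=secret|rsasig

conn l2tp-syseng
    left=10.10.1.57
    leftsubnet=10.10.1.57/32
    rightsubnet=vhost:%no,%priv
    compress=yes
    disablearrivalcheck=no
    type=tunnel
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # column-0 line starts a section
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def lint_l2tp_conn(text, name):
    """List findings for conn `name`, with conn %default values inherited."""
    conns = parse_conns(text)
    conn = {**conns.get("%default", {}), **conns[name]}
    findings = []
    if "|" in conn.get("authby", ""):
        findings.append("authby lists several methods; use rsasig with certificates")
    if "leftsubnet" in conn:
        findings.append("leftsubnet set on a transport mode host-host connection")
    if conn.get("type", "").lower() == "tunnel":
        findings.append("type=tunnel; L2TP must be transport mode")
    return findings


if __name__ == "__main__":
    for finding in lint_l2tp_conn(SAMPLE, "l2tp-syseng"):
        print("l2tp-syseng:", finding)
```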