[Openswan Users] status of rightprotoport=17/%any with xl2tpd, XP and Mac OS X?

Clifford T. Matthews ctm at stolenbases.com
Thu Apr 12 12:19:03 EDT 2007


We're successfully using Openswan on Fedora Core 6
(openswan-2.4.5-2.1) with xl2tpd (xl2tpd-1.1.09-1.fc6) with Windows
XP.  Our successful configuration file includes the line:


However, documentation suggests that to also support Mac OS X, we'll
need to use "%any" instead of "1701", i.e.,


However, doing that prevents our XP clients from successfully using
the VPN.  Compiling, installing and restarting openswan-2.4.7 from the
Fedora Core test directory (openswan-2.4.7-3.fc7.src.rpm) does not
clear this problem up.  I haven't yet tried to connect a Mac OS X
client, because our existing XP users really don't want the VPN to go

I've scanned the Openswan Users archives and it appears that this was
a known bug a year ago, but more recent posts suggest that
"rightprotoport=17/%any" works now.  I didn't, however, find a post
that explained what changed or what else must be done to get
"rightprotoport=17/%any" to work.

I'm happy to post our configuration files or even the output of ipsec
barf, but since there's a good chance this is a known issue, I figured
I'd see if anyone has a pointer to info I should read, first.

Thanks in advance,

Cliff Matthews <ctm at stolenbases.com>
