[Openswan Users] status of rightprotoport=17/%any with xl2tpd, XP and Mac OS X?
Clifford T. Matthews
ctm at stolenbases.com
Thu Apr 12 12:19:03 EDT 2007
Howdy,

We're successfully using Openswan on Fedora Core 6
(openswan-2.4.5-2.1) with xl2tpd (xl2tpd-1.1.09-1.fc6) with Windows
XP. Our successful configuration file includes the line:

    rightprotoport=17/1701

However, documentation suggests that to also support Mac OS X, we'll
need to use "%any" instead of "1701", i.e.,

    rightprotoport=17/%any

However, doing that prevents our XP clients from successfully using
the VPN. Compiling, installing and restarting openswan-2.4.7 from the
Fedora Core test directory (openswan-2.4.7-3.fc7.src.rpm) does not
clear this problem up. I haven't yet tried to connect a Mac OS X
client, because our existing XP users really don't want the VPN to go
away.

I've scanned the Openswan Users archives and it appears that this was
a known bug a year ago, but more recent posts suggest that
"rightprotoport=17/%any" works now. I didn't, however, find a post
that explained what changed or what else must be done to get
"rightprotoport=17/%any" to work.

I'm happy to post our configuration files or even the output of ipsec
barf, but since there's a good chance this is a known issue, I figured
I'd see if anyone has a pointer to info I should read, first.

Thanks in advance,

Cliff Matthews <ctm at stolenbases.com>