[Openswan Users] Linux L2TP client behind NAT
Gbenga
stjames08 at yahoo.co.uk
Sun Aug 19 20:10:46 EDT 2007
Thank you very much Jacco. You are absolutely correct. I changed the lns address in the xl2tpd.conf to the public address and it worked.
I should have thought about that, but since IPsec was already set up, I thought there was a link to the inside network.
I commented out the virtual_private="" as well.
Best Regards,
Gbenga
Gbenga wrote:
> I have a Linux L2TP client with Openswan 2.4.9 that needs to connect to another
> Openswan 2.4.7 VPN/L2TP server.
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
Hm, I don't remember if the local and/or remote subnets have to be
excluded in the virtual_private parameter on the Linux client.
We'll find out later :-)
> right=193.x.x.x
> rightprotoport=17/%any
Use rightprotoport=17/1701 here.
> rekey=no
That's a mistake on my part. Should be rekey=yes for the client
(the server has rekey=no).
> pfs=yes
Good :-). The server has pfs=no but they will negotiate PFS anyway.
> [lac vpnx]
> lns = 10.10.1.57
This should be the same public IP address as specified in ipsec.conf
with the right= parameter. I.e. lns = 193.x.x.x
Sorry if that wasn't clear enough.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
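
The three client-side checks from this thread (lns matches right=, rightprotoport=17/1701, rekey=yes), as an added example that is not part of the original messages: a small Python script that compares xl2tpd.conf against ipsec.conf. The sample files are constructed, 192.0.2.10 is a documentation-range stand-in for the server's public address (elided in the thread), and one conn and one lac section per file is assumed.

```python
import re

# Constructed sample configs reproducing the client settings quoted in the thread.
IPSEC_CONF = """\
conn l2tp-client
    right=192.0.2.10
    rightprotoport=17/%any
    rekey=no
    pfs=yes
"""
XL2TPD_CONF = """\
[lac vpnx]
; private address of the server, unreachable before the tunnel is up
lns = 10.10.1.57
"""

def parse_kv(text):
    """Collect key = value pairs; comments, section headers and 'conn' lines
    never match the pattern and are skipped."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"^([\w ]+?)\s*=\s*(.+)$", line.strip())
        if m:
            pairs[m.group(1)] = m.group(2).strip()
    return pairs

def check_client(ipsec_text, xl2tpd_text):
    """Return a list of findings; an empty list means the three checks pass."""
    ipsec, l2tp = parse_kv(ipsec_text), parse_kv(xl2tpd_text)
    findings = []
    # L2TP must be addressed to the same public IP that the IPsec policy covers.
    if l2tp.get("lns") != ipsec.get("right"):
        findings.append(f"lns = {l2tp.get('lns')} differs from right={ipsec.get('right')}")
    # Restrict the policy to UDP (protocol 17) port 1701, the L2TP port.
    if ipsec.get("rightprotoport") != "17/1701":
        findings.append("rightprotoport should be 17/1701")
    # The client rekeys; the server side has rekey=no.
    if ipsec.get("rekey") != "yes":
        findings.append("rekey should be yes on the client")
    return findings

if __name__ == "__main__":
    for finding in check_client(IPSEC_CONF, XL2TPD_CONF):
        print("WARN:", finding)
```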