[Openswan Users] Vista and Openswan L2TP IPSEC vpn connection problem

Oguz Yilmaz oguzyilmazlist at gmail.com
Mon Dec 24 05:14:34 EST 2007


It was true. The point was "virtual_private".
Now I have the following configuration, working in both Vista and XP.
What is the decision that the virtual_private parameter is needed for? Can you
give some information?


***********
ipsec.conf:

version 2.0

config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
        uniqueids=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.19.32.0/24

conn %default
        auto=add

conn labris.l2tp
        authby=secret
        left=EXTERNALIP
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        auth=esp
        auto=add
        keyingtries=3
        pfs=no
        rekey=no
        rightid=%any
        rightsubnet=vhost:%no,%priv

************
ipsec.secrets:

EXTERNALIP %any : PSK "somepassword"


On Dec 23, 2007 6:49 PM, Jacco de Leeuw <jacco2 at dds.nl> wrote:

> Oguz Yilmaz wrote:
>
> > Openswan logs says "no connection is known".
>
> The issue seems to be that the client is behind NAT but you forgot
> to add a parameter virtual_private to config setup. That's what the
> "no connection is known for" error says. Add something like this
> to your config setup section:
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.19.32.0/24
>
> >         interfaces=""
>
> Huh? If you leave this parameter out, Openswan will use the interface
> that has the default gateway, which is probably what you want.
>
> > conn b-labris.l2tp-zcert
> >         auth=esp
> >         esp=3des-md5-96
>
> I would suggest to leave these two parameters out. Openswan has good
> defaults.
>
> >         leftnexthop=EXTERNALIPDEFGW
>
> If you leave this parameter out too, it will default to the IP address
> of the default gateway.
>
> >         rightid=%any
>
> I would also suggest rightca=%same
>
> > EXTERNALIP %any : RSA vpn-anahtari.key "labris"
> > : RSA vpn-anahtari.key "labris"
>
> Change your password :-)
>
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>
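
As an added illustration (not part of the original thread and not Openswan's own code), the following is a simplified Python model of how `rightsubnet=vhost:%no,%priv` and `virtual_private` together decide whether a client's proposed address is accepted. The function names and the sample addresses are constructed for this example.

```python
import ipaddress

# virtual_private value from the thread; the addresses below are constructed samples.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.19.32.0/24"
PEER_PUBLIC_IP = "203.0.113.7"  # documentation range, stands in for the NAT router

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) network lists."""
    allowed, excluded = [], []
    if not value.strip():          # parameter missing from config setup
        return allowed, excluded
    for entry in value.split(","):
        family, _, net = entry.strip().partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"malformed entry: {entry!r}")
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def vhost_accepts(rightsubnet, virtual_private, peer_public_ip, proposed_ip):
    """Simplified model of the vhost: check for a host-to-host (L2TP) proposal.

    %no   -> accept a peer that is not behind NAT (it proposes its public IP)
    %priv -> accept an inner address listed in virtual_private and not excluded
    """
    if not rightsubnet.startswith("vhost:"):
        raise ValueError("not a vhost: specification")
    methods = rightsubnet[len("vhost:"):].split(",")
    inner = ipaddress.ip_address(proposed_ip)
    if "%no" in methods and inner == ipaddress.ip_address(peer_public_ip):
        return True
    if "%priv" in methods:
        allowed, excluded = parse_virtual_private(virtual_private)
        if any(inner in net for net in excluded):
            return False           # "!" entries win over the allowed ranges
        return any(inner in net for net in allowed)
    return False

if __name__ == "__main__":
    for ip in ("192.168.1.50", "172.19.32.10", PEER_PUBLIC_IP):
        print(ip, vhost_accepts("vhost:%no,%priv", VIRTUAL_PRIVATE, PEER_PUBLIC_IP, ip))
```

In this model a NATed client proposing 192.168.1.50 is rejected when `virtual_private` is empty, which corresponds to the situation the "no connection is known" reply describes.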