[Openswan Users] Trouble with IPSEC/xl2tpd and multiple connections

Paul Wouters paul at xelerance.com
Tue Feb 20 11:13:20 EST 2007


On Tue, 20 Feb 2007, The Adept wrote:

Looking at your logs I see:

Feb 20 08:04:47 genvpn pluto[11354]: "roadwarrior"[83] 72.200.142.208 #95: switched from "roadwarrior" to "roadwarrior"

which is clearly not normal. Looking at your config again:

> conn roadwarrior-osx-xp
>         leftprotoport=17/1701
>         rightprotoport=17/%any
>         rekey=no
>         also=roadwarrior
>
> conn roadwarrior
>         right=%any
>         type=tunnel

I think the confusion might be because of the roadwarrior vs roadwarrior-osx-xp connection.
The osx-xp connection should be using type=transport for l2tp.
Perhaps you should make two separate conns, one roadwarrior-l2tp and one roadwarrior-tunnelmode,
or if you are not using any type=tunnel connections but only l2tp/transport mode based ones, just
use one conn and see what is happening.

There are various bugs here it seems. One is that you should get some clearer rejection for
needing type=transport but getting type=tunnel (but perhaps Windows does something tricky here),
and the other is that Openswan should not "switch" connections back to the same connection.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
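
An added example, not part of the message above and not Openswan code: a small Python check that resolves `also=` for the config lines quoted in the message and reports conns that select UDP/1701 without ending up as `type=transport`. The function names are made up for this sketch, and it assumes a key set in the conn itself takes precedence over one inherited through `also=`.

```python
SAMPLE = """\
conn roadwarrior-osx-xp
        leftprotoport=17/1701
        rightprotoport=17/%any
        rekey=no
        also=roadwarrior

conn roadwarrior
        right=%any
        type=tunnel
"""  # only the config lines quoted in the message above

def parse_conns(text):
    """Return {conn name: [(key, value), ...]} in file order."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], []) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def effective(conns, name, seen=()):
    """Merge a conn with what it pulls in through also=.
    Assumption: a key set in the conn itself wins over an inherited one."""
    if name in seen or name not in conns:
        raise ValueError("bad also= reference: " + name)
    own, inherited = {}, {}
    for key, value in conns[name]:
        if key == "also":
            inherited = {**effective(conns, value, seen + (name,)), **inherited}
        else:
            own.setdefault(key, value)
    return {**inherited, **own}

def l2tp_type_mismatches(text):
    """(conn, effective type) for conns on UDP/1701 that are not type=transport."""
    conns = parse_conns(text)
    effs = {name: effective(conns, name) for name in conns}
    # a conn that sets no type= gets the default, tunnel
    return [(n, e.get("type", "tunnel")) for n, e in effs.items()
            if "17/1701" in (e.get("leftprotoport"), e.get("rightprotoport"))
            and e.get("type", "tunnel") != "transport"]
```

On the quoted config, `l2tp_type_mismatches(SAMPLE)` reports `roadwarrior-osx-xp` with an effective type of `tunnel`, inherited from `roadwarrior`.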

