[Openswan Users] Again... no luck: no connection is known
al at its-lehmann.de
Thu Jul 26 18:02:41 EDT 2007
26.07.2007 11:48,, Arno Lehmann wrote::
> 26.07.2007 06:39,, Paul Wouters wrote::
>> On Thu, 26 Jul 2007, Arno Lehmann wrote:
>>> Ok, I fixed that, restarted ipsec, tried again, but no success...
>>> also, on my test system, that typo was not included :-)
>>> By the way: What was the patch you mentioned in the other thread? I've
>>> got a stock 2.4.9 ready to be patched and compiled...
>> I think i meant the ipcomp one, but by now I completely forgot your
> Tha same one now I described in this thread...
>> so I'm not sure if it will help you. The patch is in the contrib/
>> of the openswan source.
> Ok, I'll try it. Thanks!
Well, even if you weren't sure, that one did the trick. At least now I
can connect to the VPN across two NAt'ing routers with Windows Vista's
integrated IPsec/L2TP client. Using certificates, and so on.
To sum this up for the archives:
- Download openswan 2.4.9
- Apply the ipcomp patch from the contrib directory in the tarball
- install (the next step is to create an OpenSUSE-compliant rpm...)
-- set up certificates: IPsec related ones should be 1024 bits
-- create an ipsec configuration. Simply follow the guidelines
available on many web sites. I followed these:
- start the ipsec servers
- set up an l2tp daemon and ppp on the server. I used xelerance's
xl2tpd, by the way.
- Install certificates on the client. In Vista business, use mmc and
import the .p12 file into own certificates. Move the root CA's
certificate into third party trusted certificates (or whatever it's
called in the english version...)
- Set up the client's connection: prepare a VPN connection to the
server. Set the VPN type to L2TP-IPsec-VPN and select "use
- As administrator, run the FixVistaVPN.vbs script linked from jacco's
- If I didn't forget anything - enjoy.
More information about the Users