[Openswan Users] 2003 server cant connect
Herbert Zimbizi
herbert at afdis.co.zw
Fri Jun 29 06:15:57 EDT 2007
On the virtual_private, %v4:!192.168.1.0/24: does this not refer to my LAN
behind the VPN server? My LAN has 192.168.0.0/24 and I would like to use
192.168.254.0/24 for the roadwarriors. I still have the same result anyway
with your suggestions.
When I take out the leftsubnet, this now shows up:
No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl]
Sent: Thursday, June 28, 2007 10:28 PM
To: users at openswan.org
Subject: Re: [Openswan Users] 2003 server cant connect
Herbert Zimbizi wrote:
> I am trying to get dial-in VPN running. I have installed openswan and
> l2tpd on the vpn server.
Check out:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html
> config setup
> virtual_private=%v4:192.168.254.0/24,%v4:!192.168.0.0/24
Don't you mean something like:
virtual_private=%v4:192.168.0.0/16,%v4:!192.168.0.0/24
Actually, I would recommend allowing a broader range for remote
clients behind NAT:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
> conn %default
> authby=secret
There are some limitations with a PSK when NAT is involved.
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#NAT
> leftsubnet=192.168.0.0/24
This leftsubnet= should not be used for L2TP/IPsec.
> conn net
> #rightsubnet=vhost:%no,%priv
You do need this line, at least for Vista clients that you might have.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
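Added example, not part of the thread and not Openswan code: a simplified model of how a virtual_private= list is matched against the internal address of a client behind NAT, run over the three values quoted above. It assumes an address is accepted when it falls inside a listed network and outside every "!" network; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        family, _, net = entry.strip().partition(":")
        if family != "%v4" or not net:
            continue  # this sketch only handles %v4 entries
        if net.startswith("!"):
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded

def client_accepted(value, client_ip):
    """True if the NATed client's internal address passes the list (assumed rule)."""
    allowed, excluded = parse_virtual_private(value)
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in allowed)

# The three virtual_private values that appear in the thread.
VALUES = {
    "original": "%v4:192.168.254.0/24,%v4:!192.168.0.0/24",
    "suggested": "%v4:192.168.0.0/16,%v4:!192.168.0.0/24",
    "broad": "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
             "%v4:!192.168.1.0/24",
}

# Constructed sample addresses of clients sitting behind their own NAT routers.
SAMPLES = ["192.168.1.50", "192.168.0.20", "10.0.0.5", "192.168.254.7"]

def table():
    """Map each config name to accept/reject results for SAMPLES, in order."""
    return {name: [client_accepted(value, ip) for ip in SAMPLES]
            for name, value in VALUES.items()}

if __name__ == "__main__":
    for name, row in table().items():
        print(f"{name:10}", dict(zip(SAMPLES, row)))
```

Under this model, the address checked is the one the client has on its own LAN behind NAT; the "!" entry is what keeps a client whose home network overlaps the server-side LAN from being accepted.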