[Openswan Users] 2003 server cant connect

Herbert Zimbizi herbert at afdis.co.zw
Fri Jun 29 06:15:57 EDT 2007


On the virtual_private, %v4:!192.168.1.0/24: does this not refer to my LAN
behind the VPN server? My LAN has 192.168.0.0/24 and I would like to use
192.168.254.0/24 for the roadwarriors. I still have the same result anyway
with your suggestions.
When I take out the leftsubnet, this now shows up:

No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]


-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl] 
Sent: Thursday, June 28, 2007 10:28 PM
To: users at openswan.org
Subject: Re: [Openswan Users] 2003 server cant connect


Herbert Zimbizi wrote:

> I am trying to get dial-in vpn running. I have installed openswan and 
> l2tpd on the vpn server.

Check out:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html

> config setup
>        virtual_private=%v4:192.168.254.0/24,%v4:!192.168.0.0/24

Don't you mean something like:
virtual_private=%v4:192.168.0.0/16,%v4:!192.168.0.0/24

Actually, I would recommend allowing a broader range for remote
clients behind NAT:

virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

> conn %default
>          authby=secret

There are some limitations with a PSK when NAT is involved.
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#NAT

>          leftsubnet=192.168.0.0/24

This leftsubnet= should not be used for L2TP/IPsec.

> conn net
>          #rightsubnet=vhost:%no,%priv

You do need this line, at least for Vista clients that you might have.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
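
An added example, not part of either message and not Openswan code: a small Python evaluation of the three virtual_private= values quoted in this thread against constructed client addresses. It assumes the documented meaning of the option (the ranges a NAT'd client's internal address may come from, with `!` entries excluded) and simplifies matching to "inside an allowed range and not overlapping an excluded one"; the function names are hypothetical.

```python
import ipaddress

# virtual_private= values quoted in the thread above.
POSTED = "%v4:192.168.254.0/24,%v4:!192.168.0.0/24"
SUGGESTED = "%v4:192.168.0.0/16,%v4:!192.168.0.0/24"
BROAD = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
         "%v4:!192.168.1.0/24")

# Constructed sample addresses of road warriors behind their own NAT routers.
CLIENTS = ["10.1.2.3/32", "192.168.0.50/32",
           "192.168.1.50/32", "192.168.2.10/32"]


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry.startswith("%v4:"):
            continue  # this sketch only handles IPv4 entries
        spec = entry[len("%v4:"):]
        target = excluded if spec.startswith("!") else allowed
        target.append(ipaddress.ip_network(spec.lstrip("!")))
    return allowed, excluded


def client_accepted(value, client_net):
    """Assumed rule: inside an allowed range, not overlapping an excluded one."""
    allowed, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_net)
    if any(net.overlaps(x) for x in excluded):
        return False
    return any(net.subnet_of(a) for a in allowed)


def evaluate(value, clients=CLIENTS):
    """Map each sample client address to True (accepted) or False (refused)."""
    return {c: client_accepted(value, c) for c in clients}


if __name__ == "__main__":
    for name, value in [("posted", POSTED), ("suggested", SUGGESTED),
                        ("broad", BROAD)]:
        print(name, evaluate(value))
```

The `!` entry is the only thing that refuses a client address inside a given /24, so the result for 192.168.0.50 and 192.168.1.50 flips depending on which network is excluded.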


