[Openswan Users] 2003 server cant connect (2003 and 2008 can connect)

Herbert Zimbizi herbert at afdis.co.zw
Fri Jun 29 11:34:26 EDT 2007


Hello Everyone
Thanks to Jacco de Leeuw, after two weeks of battling blindly with Openswan I
have finally managed to get my VPN working. The help provided by Jacco made
it all possible. Today I have therefore tested Windows Server 2003 and
2008beta3 (longhorn) as clients to Openswan L2TP/IPsec VPN. I had to do
several tweaks to the registries on these two Windows systems. I will make
available all info when I'm done with testing.

Regards

Herbert Zimbizi,


-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl] 
Sent: Thursday, June 28, 2007 10:28 PM
To: users at openswan.org
Subject: Re: [Openswan Users] 2003 server cant connect


Herbert Zimbizi wrote:

> I am trying to get dialin vpn running. I have installed openswan and 
> l2tpd on the vpn server.

Check out:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html

> config setup
>        virtual_private=%v4:192.168.254.0/24,%v4:!192.168.0.0/24

Don't you mean something like:
virtual_private=%v4:192.168.0.0/16,%v4:!192.168.0.0/24

Actually, I would recommend allowing a broader range for remote
clients behind NAT:

virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

> conn %default
>          authby=secret

There are some limitations with a PSK when NAT is involved.
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#NAT

>          leftsubnet=192.168.0.0/24

This leftsubnet= should not be used for L2TP/IPsec.

> conn net
>          #rightsubnet=vhost:%no,%priv

You do need this line, at least for Vista clients that you might have.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
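
An added example, not part of the original messages: a small Python check of which NATed client addresses each of the three virtual_private= values quoted in this thread would admit. It assumes a simplified reading of the option (a client's internal address must fall in a listed %v4: network and in no %v4:! network); the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry.startswith("%v4:"):
            continue  # this sketch handles IPv4 entries only
        spec = entry[len("%v4:"):]
        if spec.startswith("!"):
            excluded.append(ipaddress.ip_network(spec[1:]))
        else:
            allowed.append(ipaddress.ip_network(spec))
    return allowed, excluded

def accepts(value, client_ip):
    """True if the client's internal (behind-NAT) address is in an allowed
    network and in no excluded network (assumed, simplified semantics)."""
    addr = ipaddress.ip_address(client_ip)
    allowed, excluded = parse_virtual_private(value)
    return any(addr in n for n in allowed) and not any(addr in n for n in excluded)

# The three settings as they appear in the thread.
ORIGINAL = "%v4:192.168.254.0/24,%v4:!192.168.0.0/24"
SUGGESTED = "%v4:192.168.0.0/16,%v4:!192.168.0.0/24"
BROAD = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
         "%v4:192.168.0.0/16,%v4:!192.168.1.0/24")

# Constructed sample of client-side private addresses.
CLIENTS = ["192.168.254.10", "192.168.1.50", "192.168.0.7",
           "10.20.30.40", "172.16.5.9"]

def table():
    """Map each sample client to (original, suggested, broad) acceptance."""
    return {ip: (accepts(ORIGINAL, ip), accepts(SUGGESTED, ip), accepts(BROAD, ip))
            for ip in CLIENTS}

if __name__ == "__main__":
    print(f"{'client':<16}{'original':<10}{'suggested':<11}{'broad'}")
    for ip, (orig, sugg, broad) in table().items():
        print(f"{ip:<16}{str(orig):<10}{str(sugg):<11}{broad}")
```

The broad line excludes 192.168.1.0/24 exactly as written in the reply, while the leftsubnet in the quoted configuration is 192.168.0.0/24, so under this model it admits 192.168.0.7 and rejects 192.168.1.50.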


