[Openswan Users] Freeswan Query
Jacco de Leeuw
jacco2 at dds.nl
Fri May 18 15:50:25 EDT 2007
Peter Njiiri wrote:
> My VPN Linux server is behind a Linux Gateway/NAT.
>
> VPN Server ----> Gateway (eth0-10.x.x.254/24 <--> eth1-70.x.x.x)
Remove this section:
> conn roadwarrior-l2tp
>     leftprotoport=17/0
>     rightprotoport=17/1701
>     also=roadwarrior
> conn roadwarrior-l2tp-updatedwin
Change this section to something like this:
conn roadwarrior-l2tp-updatedwin
    left=10.x.x.x
    leftcert=path/xxx_01.pem
    leftprotoport=17/1701
    leftnexthop=10.x.x.254
    right=%any
    rightca=%same
    rightrsasigkey=%cert
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    keyingtries=3
    pfs=no
    auto=add
Remove this section:
> conn L2TP-CERT
>     # ...Existing parameters
>     left=10.x.x.x
>     leftnexthop=10.x.x.254
>     rightsubnet=vhost:%no,%priv
Do you want to use L2TP/IPsec or IPsec without L2TP?
The following section is for IPsec without L2TP:
> conn roadwarrior
> [...]
The following seems to indicate you are using the IPsec
client by Marcus Muller, which is no longer recommended:
> Windows roadwarrior is as follows:
>
> conn me_to_vpngateway
>     pfs=yes
>     auto=start
>     network=auto
>     left=%any
>     right=DNSname (FQDN) of server
>     rightca="xxxxx"
Better use something like the Linsys client, the Shrew client
or a commercial IPsec client.
> the gateway and it's failing. I've followed the link
> http://www.natecarlson.com/linux/ipsec-x509-fs1.php,
This is an old page for IPsec without L2TP.
> http://www.jacco2.dds.nl/networking/openswan-l2tp.html#serverNATed
> and http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#SP2
These are pages for L2TP/IPsec.
> (Windows registry addition) but no success. I receive the Error 789 from
> the windows client.
This is an L2TP/IPsec (dial-up networking) error message.
It looks like you haven't made your mind up whether you want to use L2TP/IPsec
or IPsec without L2TP. That's an important decision to make before you begin.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
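
Added example, not part of the original message: a small Python check that sorts the conn sections of an ipsec.conf into L2TP/IPsec (a protoport selecting UDP port 1701) and IPsec without L2TP, following also= inheritance. The sample configuration is constructed, the function names are hypothetical, and only a single also= per conn is handled.

```python
import re

# Constructed sample (not from the thread): one plain IPsec conn and two
# L2TP/IPsec conns, one of which inherits settings through also=.
SAMPLE = """\
conn roadwarrior
    right=%any
    auto=add
conn roadwarrior-l2tp
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior-l2tp-updatedwin
    leftprotoport=17/1701
    rightprotoport=17/1701
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def resolve(conns, name, seen=()):
    """Merge settings inherited via also= (simplified: one also= per conn)."""
    own = dict(conns.get(name, {}))
    parent = own.pop("also", None)
    merged = resolve(conns, parent, seen + (name,)) if parent and parent not in seen else {}
    merged.update(own)  # the conn's own settings override inherited ones
    return merged

def classify(conns):
    """Map each conn to 'l2tp' if a protoport selects UDP port 1701, else 'plain'."""
    kinds = {}
    for name in conns:
        p = resolve(conns, name)
        ports = [p.get("leftprotoport", ""), p.get("rightprotoport", "")]
        kinds[name] = "l2tp" if any(v in ("17/1701", "udp/1701") for v in ports) else "plain"
    return kinds

if __name__ == "__main__":
    for name, kind in classify(parse_conns(SAMPLE)).items():
        print(f"{kind:5}  {name}")
```

A configuration that reports both kinds is serving two different client types, which is the decision the reply asks to be made first.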