[Openswan Users] Error 789 from Windows XP
Jacco de Leeuw
jacco2 at dds.nl
Thu Nov 1 17:48:57 EDT 2007
andy huang wrote:
> I tried to configure IPSec in the following network:
> XP--RT(192.168.0.0/24)--Ubuntu--RT(192.168.11.0/24)--Corp
> Ubuntu's eth0 is 192.168.11.2, which connects to Corp
> thru router(192.168.11.1), eth1 is 192.168.0.3.
That's a bit terse.
So you have one XP client at 192.168.0.x, the server runs some version
of Ubuntu, its external interface eth1 is at 192.168.0.3 and its internal
interface eth0 at 192.168.11.2. The internal LAN is at 192.168.11.0/24.
And the router at 192.168.11.1 is the default gateway to the Internet
for everything on the internal LAN, except the VPN server?
If this is correct, read on.
Is this only a test setup, BTW?
> left=%defaultroute
Try left=192.168.0.3
> leftnexthop=%defaultroute
Try removing this parameter, assuming that 192.168.0.3 is
the external interface.
> leftprotoport=17/%any
Use leftprotoport=17/1701 and install the NAT-T update on the
Windows 2000/XP clients.
> rightprotoport=17/%any
Try rightprotoport=17/1701, unless you also want to support
Mac clients.
> ipsec.secrets:
> 192.168.0.3 %any : PSK "MySharedKey"
Use 192.168.0.3 : PSK "MySharedKey" if you think that NAT will
be involved.
> Also I couldn't find /var/log/secure for log file on
> my ubuntu. Is the log file in some place else?
Look in /var/log/debug for (x)l2tpd messages and /var/log/auth.log
for pluto messages.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
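
A small check that applies the suggestions from the reply above to an ipsec.conf conn section. It is an added example, not part of the original message or of Openswan. The conn name L2TP-PSK, the config setup and right= lines, and the function names are assumptions; the sample config is constructed from the quoted lines.

```python
import re

# Constructed sample built from the lines quoted in the thread.
# The conn name, the config setup section and the right= line are assumptions.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
conn L2TP-PSK
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def review(conn, mac_clients=False):
    """Apply the reply's suggestions to one parsed conn; return findings."""
    findings = []
    if conn.get("left") == "%defaultroute":
        findings.append("left: set the external interface address explicitly")
    if "leftnexthop" in conn:
        findings.append("leftnexthop: remove")
    # The reply keeps rightprotoport=17/%any only when Mac clients must connect.
    keys = ["leftprotoport"] + ([] if mac_clients else ["rightprotoport"])
    for key in keys:
        if conn.get(key) == "17/%any":
            findings.append(key + ": use 17/1701")
    return findings
```
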