[Openswan Users] vista as a client for openswan

Eray Aslan eray.aslan at caf.com.tr
Thu Nov 22 13:43:49 EST 2007


On Thu, Nov 22, 2007 at 06:36:10PM +0100, Jacco de Leeuw wrote:
> 
> Eray Aslan wrote:
> 
> > I can't get Windows Vista clients to act as l2tp/ipsec clients.
> 
> Does it work with other types of clients, such as Windows 2000/XP or Mac?

It works with Windows XP.  It is a production box.  We do not have
Windows 2000 or Mac clients so I am not sure if it works with them.

> What Linux distribution do you use and what kernel?

north ~ # uname -a
Linux north 2.6.23-gentoo-r1 #2 Sun Nov 18 01:33:55 EET 2007 i686 Pentium II (Deschutes) GenuineIntel GNU/Linux

> Did you check 'ipsec verify'?

north ~ # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.6.23-gentoo-r1 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets)         [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


and ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24,%v4:!10.0.2.0/24,%v4:!10.0.9.0/24
        nhelpers=0

[...]
conn l2tp-X.509-wifi
	authby=rsasig
	pfs=no
	auto=add
	rekey=no
	left=10.0.9.1
	leftrsasigkey=%cert
	leftcert=/etc/ipsec/ipsec.d/certs/northCert.pem
	leftprotoport=17/1701
	right=%any
	rightca=%same
	rightrsasigkey=%cert
	rightprotoport=17/1701
	rightsubnet=vhost:%priv,%no
[...]

include /etc/ipsec/ipsec.d/examples/no_oe.conf


Thank you for looking into it.

-- 
Eray

