[Openswan Users] ipsec does not register routes

Martin Krellmann martin at krellmann.net
Mon Oct 8 05:50:11 EDT 2007


Hi.

> For those who want to know, there were two problems (if I remember
> correctly).

Yes you are correct.

> Which scenario do you have in mind, exactly?
>
> > conn trusetal.krellmann.net
>
> This is no road warrior setup. Are both vpngates running Openswan?
> Then you are probably better off with pure IPsec, leaving L2TP
> out of the equation.

For this connection I have a sort of gate-to-gate connection in mind.
The gate on the remote end (Windows 2000 machine) connects to my Openswan
server.
I have to use L2TP here because Windows IPsec is not able to use dynamic
IP addresses, which I have on both ends.

I've also thought about installing a virtual machine on the remote site (with
VMware) with a Linux OS and Openswan, but the computer does not have enough
power for that solution...

Greetings
Martin.

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Jacco de Leeuw
> Sent: Monday, 8 October 2007 00:59
> To: users at openswan.org
> Subject: Re: [Openswan Users] ipsec does not register routes
> 
> 
> Martin Krellmann wrote:
> 
> > After my openswan ipsec is now up and running (special thanks to Jacco)
> > I have another little question.
> 
> For those who want to know, there were two problems (if I remember
> correctly).
> There was a "%defaultroute cannot cope" because Openswan was not told what
> interface to use. And the client was configured to use EAP-TLS instead of
> CHAP.
> 
> > Why does openswan/xl2tp server not register the routes to the network
> > behind the right system after the connection has established?
> 
> Which scenario do you have in mind, exactly? A road warrior setup for
> Windows/Mac clients? In that case the server has no business registering
> routes to the networks behind clients.
> 
> > conn trusetal.krellmann.net
> >         left=192.168.10.253
> >         leftcert=vpngate.potsdam.krellmann.net.pem
> >         leftprotoport=17/1701
> >         leftsubnet=192.168.10.0/24
> >         right=trusenkrell.dyndns.org
> >         rightcert=vpngate.trusetal.krellmann.net.pem
> >         rightprotoport=17/1701
> >         rightsubnet=192.168.178.0/24
> 
> This is no road warrior setup. Are both vpngates running Openswan?
> Then you are probably better off with pure IPsec, leaving L2TP
> out of the equation.
> 
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl


