[Openswan Users] Users Digest, Vol 61, Issue 17

Chris Patch chrispatch at intrstar.net
Wed Dec 10 14:17:09 EST 2008


Message: 4
Date: Wed, 10 Dec 2008 15:50:12 +0100
From: No Body is Perfect <news.listener at gmail.com>
Subject: Re: [Openswan Users] L2TP / IPSEC shows problem while connecting from Windows XP(Maximum retries exceeded for tunnel 40334. Closing)!!!!
To: users at lists.openswan.org
Message-ID: <ghokv4$b6k$1 at ger.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1

I am interested to know if you have resolved this issue?

Shiva Raman wrote:
> Dear all
> 
> I am trying to set up an L2TP/IPSEC VPN server with Linux as server and
> Windows as clients.
> I am facing a problem in which the clients are not able to connect to
> the Openswan server. I tried
> with different configurations and also referred to postings in the
> Openswan list, but I was not able to fix the problem. Let me
> explain the details of my installation.
> 
> I am using the following versions of OS and openswan / l2tp.
> 
> 
> OS Version
> -----------------
> 
> Centos 5.2 (64 bit )  as L2TP/IPSEC server
> Windows xp sp2 as L2TP/IPSEC client
> 
> openswan version
> ----------------------------
> openswan-2.6.12-2.el5
> 
> l2tpd version
> -----------------
> l2tpd-0.69-0.2.20051030.fc4.x86_64.rpm
> 
> Kernel version of Centos 5.2 - > 2.6.18-92.el5
> 
> Following are the configuration files
> 
> Configuration of ipsec.conf
> 
> conn %default
>         keyingtries=3
>         compress=yes
>         disablearrivalcheck=no
>         authby=secret
>         type=tunnel
>         keyexchange=ike
>         ikelifetime=240m
>         keylife=60m
> 
> conn roadwarrior
>         pfs=no
>         left=219.64.78.98
>         leftprotoport=17/0
>         right=%any
>         rightprotoport=17/1701
>         rightsubnet=vhost:%no,%priv
>         auto=add
> 
> Sep 22 19:03:10 localhost l2tpd[10033]: Connection 94 closed to
> 211.77.124.191, port 1701
> 
> 
> Kindly guide me how to resolve this issue.
> 
> 
> Regards
> 
> Shiva Raman
Try adding a leftnexthop=. I found that if I did not, a route was being set up
that just pointed at the interface, like a directly connected route. If
this is your problem, do an ip route list while the XP client is
connected and you will see a host route to the client via dev
$OUTSIDE_INTERFACE. This causes the ppp session to time out.

The leftnexthop fixed it for me.
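
The route check described in the reply above, as an added example that is not part of the original post or of Openswan: a shell function that reads `ip route list` output and reports host routes on the outside interface that have no `via` gateway. The interface name `eth0` and all addresses in the sample data are constructed (documentation ranges), and the function name is hypothetical.

```shell
#!/bin/sh
# find_onlink_host_routes IFACE
# Reads `ip route list` output on stdin and prints the destination of every
# IPv4 host route on IFACE that has no "via" gateway, i.e. a route that
# treats the remote client as directly connected to that interface.
find_onlink_host_routes() {
    awk -v ifc="$1" '
    {
        dst = $1
        # Skip the default route and prefix routes such as 192.0.2.0/24.
        if (dst == "default" || index(dst, "/") > 0) next
        # Skip anything that is not a bare IPv4 address (unreachable, etc.).
        if (dst !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        dev = ""; via = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = $(i + 1)
        }
        if (dev == ifc && via == "") print dst
    }'
}

# Constructed sample: routing table while the client is connected and no
# leftnexthop= is set. The client 198.51.100.7 shows up as an on-link host
# route on eth0; the ppp0 peer route is expected and must not be reported.
SAMPLE_WITHOUT_NEXTHOP='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.7 dev eth0 scope link
10.0.0.2 dev ppp0 proto kernel scope link src 10.0.0.1'

# Constructed sample: same table with the host route going through a gateway.
SAMPLE_WITH_NEXTHOP='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.7 via 192.0.2.1 dev eth0
10.0.0.2 dev ppp0 proto kernel scope link src 10.0.0.1'

echo "without nexthop: $(printf '%s\n' "$SAMPLE_WITHOUT_NEXTHOP" | find_onlink_host_routes eth0)"
echo "with nexthop:    $(printf '%s\n' "$SAMPLE_WITH_NEXTHOP" | find_onlink_host_routes eth0)"

# On a live server: ip route list | find_onlink_host_routes "$OUTSIDE_INTERFACE"
```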

