[Openswan Users] RES: L2TP IPSEC and Windows XP

André Mendes - WAITS amendes at waits.com.br
Fri Feb 29 15:29:00 EST 2008


Jacco,

I have been having another problem. I tested the connection in XP and Vista
and everything is OK. But on one of the machines that has Windows Vista I
couldn't establish the connection. The log below shows that the connection
synchronizes but at the same time breaks. Do you know what I can do in this
case?

Thanks.

André

Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: responding to Quick Mode {msgid:01000000}
Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1
Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2
Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2
Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: STATE_QUICK_R2: IPsec SA established {ESP=>0x8b2f2a27
<0x341fd109 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #67: received Delete SA(0x8b2f2a27) payload: deleting IPSEC
State #68
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #67: received and ignored informational message
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #67: received Delete SA payload: deleting ISAKMP State #67
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225: deleting connection "roadwarrior-l2tp" instance with peer
200.200.200.225 {isakmp=#0/ipsec=#0}
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: packet from 189.19.53.225:500:
received and ignored informational message

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Jacco de Leeuw
Sent: Thursday, February 28, 2008 11:49
To: users at openswan.org
Subject: Re: [Openswan Users] L2TP IPSEC and Windows XP

André Mendes wrote:

> I discovered the problem. Ipsec.secrets had a problem when trying to load
> the certificate. Another thing that I found was that you need to put the
> leftnexthop in ipsec.conf. If you don't put this parameter, the gateway
> couldn't find your host.

Is the server behind NAT, perhaps?

> One more question. Do you know if I can log on to Active Directory, instead
> of using the ppp file?

This is actually a pppd question. There is a Winbind plug-in for pppd,
or you could use RADIUS to authenticate against the Active Directory /
Windows Server:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#L2TP-PPPencryption
There are of course advantages in using Linux instead for
authentication :-).

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
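
An added example, not part of the original thread or of Openswan: a small
Python log check that pairs each "IPsec SA established" record in a pluto log
with the peer's later "Delete SA" for the same state number and reports how
long the SA lived. The function names, the 60-second threshold and the
default year are assumptions; the input is copied from the log in the post
above, with the mail line wraps kept.

```python
import re
from datetime import datetime

# Constructed input: six lines copied from the log in the post, wraps kept.
SAMPLE = """\
Feb 29 17:58:21 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #68: STATE_QUICK_R2: IPsec SA established {ESP=>0x8b2f2a27
<0x341fd109 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
Feb 29 17:58:56 TEXVPNPROXY pluto[1537]: "roadwarrior-l2tp"[26]
189.19.53.225 #67: received Delete SA(0x8b2f2a27) payload: deleting IPSEC
State #68
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
UP = re.compile(r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): '
                r"STATE_QUICK_R2: IPsec SA established")
DOWN = re.compile(r"received Delete SA\((?P<spi>0x[0-9a-f]+)\) payload: "
                  r"deleting IPSEC State #(?P<sa>\d+)")

def unwrap(text):
    """Rejoin records: a line without a syslog timestamp continues the last one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def short_lived_sas(text, threshold=60, year=2008):
    """List IPsec SAs the peer deleted within `threshold` seconds of setup.

    Syslog stamps carry no year; one must be supplied (Feb 29 needs a leap year).
    """
    established, findings = {}, []
    for rec in unwrap(text):
        when = datetime.strptime(f"{year} {rec[:15]}", "%Y %b %d %H:%M:%S")
        up, down = UP.search(rec), DOWN.search(rec)
        if up:
            established[up["sa"]] = (when, up["conn"], up["peer"])
        elif down and down["sa"] in established:
            start, conn, peer = established.pop(down["sa"])
            lifetime = int((when - start).total_seconds())
            if lifetime <= threshold:
                findings.append({"conn": conn, "peer": peer, "sa": down["sa"],
                                 "spi": down["spi"], "lifetime_s": lifetime})
    return findings

if __name__ == "__main__":
    for finding in short_lived_sas(SAMPLE):
        print(finding)
```
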