[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd

Paul Wouters paul at xelerance.com
Mon Jun 30 01:23:52 EDT 2008


On Mon, 30 Jun 2008, Sambuddho Chakravarty wrote:

> I created a small network wherein a Windows XP (with SP2) connected to
> a Linux IPsec gateway. The Linux IPsec gateway uses Openswan and the
> config file (ipsec.conf) is very similar to that shown in 

> This is what the Linux Openswan ipsec.conf looks like:
> 
> conn rw-net
>         type=transport
>         authby=rsasig
>         left=20.0.0.3
>         leftnexthop=20.0.0.2
>         leftrsasigkey=%cert
>         leftsubnet=vhost:%no,%priv
>         leftprotoport=17/1701
>         right=20.0.0.2
>         rightsubnet=30.0.0.0/24

With l2tp you do not use subnets.

>         rightnexthop=20.0.0.3
>         rightrsasigkey=%cert
>         rightcert=server_crt.pem
>         rightsourceip=20.0.0.2
>         rightprotoport=17/1701
>         auto=add
>         pfs=no

Note that you cannot really have two ends of l2tp in the same subnet,
and then hand out an IP address in that same range.
You should add a router in the middle, e.g.:

windows ----- router-----openswan-----lan subnet

> The windows ipsec.conf is this :
> 
> conn rw-client

You should not install the ebootis vpn tools anymore. First of all,
because you do NOT need any software when using L2TP. Second, because
these tools are dead and won't work with Vista (and some XPs).
If you want to use non-l2tp ipsec with Windows, look at lsipsectool.exe
instead.

>         MyTunnel     : 20.0.0.3
>         MyNet        : 20.0.0.3/255.255.255.255
>         PartnerTunnel: 20.0.0.2
>         PartnerNet   : 30.0.0.0/255.255.255.0
>         CA (ID)      : C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root

> For extended usage, run: ipseccmd -?

You are getting an error because the command line arguments and some
exe files changed completely between when the ebootis tools were
written and current Microsoft releases.

Paul
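
A small configuration check for the two remarks in the reply above (subnet options on an L2TP conn, and both ends sitting in one subnet), added here as an example; it is not part of the original message or of Openswan. The function names and the /24 prefix length are assumptions, since the message gives no netmask, and `vhost:` values are deliberately not flagged.

```python
import ipaddress

# Constructed sample: the conn from the quoted message, reduced to the relevant keys.
SAMPLE = """\
conn rw-net
        type=transport
        left=20.0.0.3
        leftsubnet=vhost:%no,%priv
        leftprotoport=17/1701
        right=20.0.0.2
        rightsubnet=30.0.0.0/24
        rightprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # "config setup" is not a conn
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_l2tp(text, prefix_len=24):
    """Flag both remarks; prefix_len is assumed (the message gives no netmask)."""
    findings = []
    for name, opts in parse_conns(text).items():
        if "17/1701" not in (opts.get("leftprotoport"), opts.get("rightprotoport")):
            continue  # not an L2TP (UDP/1701) conn
        for key in ("leftsubnet", "rightsubnet"):
            try:
                ipaddress.ip_network(opts.get(key, ""), strict=False)
            except ValueError:
                continue  # unset, or a vhost: value, which this example leaves alone
            findings.append((name, key, opts[key]))
        try:
            left = ipaddress.ip_interface(f"{opts['left']}/{prefix_len}")
            right = ipaddress.ip_interface(f"{opts['right']}/{prefix_len}")
        except (KeyError, ValueError):
            continue  # %any, %defaultroute, a hostname, or missing
        if left.network == right.network:
            findings.append((name, "same-subnet", str(left.network)))
    return findings
```

Calling `lint_l2tp(SAMPLE)` reports the `rightsubnet=30.0.0.0/24` line and the shared 20.0.0.0/24 network for `rw-net`.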

