[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd

Sambuddho Chakravarty sc2516 at columbia.edu
Mon Jun 30 01:43:54 EDT 2008


Hello Paul,
 Thanks a lot for this. I was actually using the 20.0.0.0/24 subnet to
represent our "Internet" and making a connection to the openswan ipsec
gateway to access subnet 30.0.0.0/24 connected on the other interface of
the ipsec gateway. I get the idea.
Thanks
Sambuddho

On Mon, 2008-06-30 at 01:23 -0400, Paul Wouters wrote:
> On Mon, 30 Jun 2008, Sambuddho Chakravarty wrote:
> 
> >  I created a small network wherein a windows xp (with sp2) connected to
> > a linux ipsec gateway. The Linux ipsec gateway uses openswan and the
> > config file (ipsec.conf) is very similar to that shown in 
> 
> > This is how the linux openswan ipsec.conf looks like:
> > 
> > conn rw-net
> >         type=transport
> >         authby=rsasig
> >         left=20.0.0.3
> >         leftnexthop=20.0.0.2
> >         leftrsasigkey=%cert
> >         leftsubnet=vhost:%no,%priv
> >         leftprotoport=17/1701
> >         right=20.0.0.2
> >         rightsubnet=30.0.0.0/24
> 
> With l2tp you do not use subnets.
> 
> >         rightnexthop=20.0.0.3
> >         rightrsasigkey=%cert
> >         rightcert=server_crt.pem
> >         rightsourceip=20.0.0.2
> >         rightprotoport=17/1701
> >         auto=add
> >         pfs=no
> 
> Note that you cannot really have two ends of l2tp in the same subnet,
> and then hand out an IP address in that same range.
> You should add a router in the middle, e.g.:
> 
> windows ----- router-----openswan-----lan subnet
> 
> > The windows ipsec.conf is this :
> > 
> > conn rw-client
> 
> You should not install the ebootis vpn tools anymore. First of all,
> because you do NOT need any software when using L2TP. Second, because
> these tools are dead and won't work with Vista (and some XPs).
> If you want to use non-l2tp ipsec with Windows, look at lsipsectool.exe
> instead.
> 
> >         MyTunnel     : 20.0.0.3
> >         MyNet        : 20.0.0.3/255.255.255.255
> >         PartnerTunnel: 20.0.0.2
> >         PartnerNet   : 30.0.0.0/255.255.255.0
> >         CA (ID)      : C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root
> 
> > For extended usage, run: ipseccmd -?
> 
> You are getting an error because the command line arguments and some
> exe files changed completely between when the ebootis tools were
> written and current Microsoft releases.
> 
> Paul
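For reference, this is how the gateway side of a certificate-authenticated L2TP/IPsec conn is normally laid out once the subnet lines and rightsourceip are dropped and a router sits between the Windows box and the gateway, as Paul describes. It is an added example, not the configuration from this thread; the gateway address 192.0.2.2, the conn name and the virtual_private ranges are assumed placeholders, and server_crt.pem is the file name used in the thread.

```ini
# /etc/ipsec.conf on the Openswan gateway (added example, addresses are placeholders)
# Assumed topology: windows --- router --- openswan (192.0.2.2) --- 30.0.0.0/24
version 2.0

config setup
    # NAT traversal lets XP clients behind a NAT router connect
    nat_traversal=yes
    # private ranges a road warrior may come from; needed for vhost:%priv below
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

conn l2tp-x509
    # L2TP runs over UDP 1701 inside transport mode, so no leftsubnet/rightsubnet
    type=transport
    authby=rsasig
    # Windows XP does not do PFS and does not rekey phase 2 cleanly
    pfs=no
    rekey=no
    keyingtries=3
    # gateway side: its own outside address and certificate, port 1701 only
    left=192.0.2.2
    leftcert=server_crt.pem
    leftrsasigkey=%cert
    leftprotoport=17/1701
    # client side: any address, so the client no longer needs to share our subnet
    right=%any
    rightrsasigkey=%cert
    # the client certificate must chain to the same CA as the gateway certificate
    rightca=%same
    # XP does not always use source port 1701
    rightprotoport=17/%any
    # accept clients from the virtual_private ranges or with a public address
    rightsubnet=vhost:%priv,%no
    auto=add
```

The client's inner address is handed out by the L2TP daemon's own pool (its `ip range`), not by IPsec, and that pool should be on a network the router can reach rather than the one the Windows box itself sits on.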
