[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd

Paul Wouters paul at xelerance.com
Mon Jun 30 18:28:07 EDT 2008


> 
> windows host ----- router ----- openswan(2.6.14 gw)----- subnet
> 

> ip range = 30.0.0.10-30.0.0.20 

You want to make that a real subnet, e.g. a /28 or /27.

> *  * secret  

Use something like:

user1           *       "mysecret"               30.0.0.8/27
*               user1   "mysecret"               30.0.0.8/27

> When connecting to the openswan gateway , I put no username and password

Don't do that. Use a username/password.

> as -'secret'. On observing the logs /var/log/auth.log , I see the SA
> being established but immediately following that there is a SA
> disconnect message and the windows login fails. I have enabled CHAP

IPsec works, but l2tp doesn't, so ipsec is hung up too.

> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> Jun 30 18:28:24 host3 pluto[5045]: "l2tp-X.509"[26] 10.0.0.3 #13:
> received Delete SA payload: deleting ISAKMP State #13

That's actually before your ipsec SA fully works. I suspect you did not
properly configure L2TP on your windows box. You might have the "encryption"
setting on in l2tp (which is wrong, it should be off or "allow unencrypted"
since you won't use l2tp encryption but ipsec encryption).

Paul
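
Added example, not part of the original message: a small linter for the secrets entries discussed above, assuming they are pppd chap-secrets lines laid out as client, server, secret, addresses. The function name lint_chap_secrets and the sample text are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the wildcard entry quoted in the thread, followed by
# the two per-user entries suggested in the reply.
SAMPLE = """\
# client        server  secret                   addresses
*  * secret
user1           *       "mysecret"               30.0.0.8/27
*               user1   "mysecret"               30.0.0.8/27
"""


def lint_chap_secrets(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        # shlex handles quoted secrets and '#' comments
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((num, "malformed: need client, server, secret"))
            continue
        client, server, _secret, *addrs = fields
        if client == "*" and server == "*":
            findings.append((num, "wildcard client and server: "
                                  "one shared secret for every name"))
        if not addrs:
            findings.append((num, "no address field after the secret"))
        for addr in addrs:
            spec = addr.lstrip("!")  # a leading '!' marks a disallowed address
            if "/" not in spec:
                continue  # "*", "-", a hostname or a single address
            try:
                iface = ipaddress.ip_interface(spec)
            except ValueError:
                continue
            # a.b.c.d/n matches on the top n bits, so show the real range
            if iface.ip != iface.network.network_address:
                findings.append((num, f"{spec} has host bits set; "
                                      f"matches {iface.network}"))
    return findings


if __name__ == "__main__":
    for num, msg in lint_chap_secrets(SAMPLE):
        print(f"line {num}: {msg}")
```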

