[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd

Sambuddho Chakravarty sc2516 at columbia.edu
Mon Jun 30 22:57:09 EDT 2008


Hello Paul
 Really appreciate your help. The problem, however, still persists.

On Mon, 2008-06-30 at 18:28 -0400, Paul Wouters wrote:
> > 
> > windows host ----- router ----- openswan(2.6.14 gw)----- subnet
> > 
> 
> > ip range = 30.0.0.10-30.0.0.20 
> 
> You want to make that a real subnet, eg a /28 or /27
It is a real /24 subnet behind the openswan gateway 

> > *  * secret  
> 
> Use something like:
> 
> user1           *       "mysecret"               30.0.0.8/27
> *               user1   "mysecret"               30.0.0.8/27

Did exactly this. The man page for l2tp-secrets, however, says it a
little differently:

"The first field is for our hostname, a "*" may be used as a wildcard.

The second field is for the remote system’s hostname. Again, a "*" may
be used as a wildcard.

The third field is the secret used if the previous two fields match the
hostnames of the systems involved."

> 
> > When connecting to the openswan gateway , I put no username and password
> 
> Don't do that. Use a username/password
> 
> > as -'secret'. On observing the logs /var/log/auth.log , I see the SA
> > being established but immediately following that there is a SA
> > disconnect message and the windows login fails. I have enabled CHAP
> 
> IPsec works, but l2tp isn't, so ipsec is hung up too.
> 
> > STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> > cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> > Jun 30 18:28:24 host3 pluto[5045]: "l2tp-X.509"[26] 10.0.0.3 #13:
> > received Delete SA payload: deleting ISAKMP State #13
> 
> That's actually before your ipsec SA fully works. I suspect you did not
> properly configure L2TP on your windows box. You might have the "encryption"
> setting on in l2tp (which is wrong, it should be off or "allow unencrypted"
> since you won't use l2tp encryption but ipsec encryption.
> 
Turned off the encryption in Windows: Network Connections >
L2TPConnection > Properties > Settings > Data Encryption (changed to "No
Encryption allowed").

Thanks
Sambuddho

> Paul
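The thread turns on how the secrets-file fields are matched: the quoted man page describes three whitespace-separated fields (our hostname, remote hostname, secret) with "*" as a wildcard, while the lines suggested in the reply carry a fourth address field. The following is an added example written for this page, not code from either poster or from the l2tpd project: a small parser for that file layout plus a lookup that applies the wildcard rule, so the effect of a given pair of lines can be checked before pointing a Windows client at the gateway. The sample file contents, the rule that the line with fewer wildcards wins (ties to the earlier line), and the decision to reject lines with fewer than three fields are assumptions of this example; the real daemon's precedence may differ.

```python
import shlex

# Constructed sample in the three-field l2tp-secrets layout described in the
# quoted man page, plus the four-field layout (trailing address field) shown
# in the reply.  Hostnames and secrets are made up for this example.
SAMPLE_SECRETS = '''
# local-host   remote-host   secret          (optional address field)
user1          *             "mysecret"      30.0.0.8/27
*              user1         "mysecret"      30.0.0.8/27
gw             winxp-box     "exact secret"
*              *             "fallback"
'''


def parse_secrets(text):
    """Parse secrets-file text into (local, remote, secret, extra) tuples.

    Blank lines and '#' comments are skipped.  Secrets may be double-quoted
    so that they can contain spaces, which is why shlex is used rather than
    str.split().  Any fields after the third (e.g. an address range) are
    returned untouched in 'extra'.  Lines with fewer than three fields raise
    ValueError instead of being silently ignored (an assumption of this
    example, chosen so a typo in the file is noticed immediately).
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected at least 3 fields: {raw!r}")
        local, remote, secret = fields[:3]
        entries.append((local, remote, secret, fields[3:]))
    return entries


def _match(pattern, name):
    # A literal "*" is a wildcard; anything else must match the name exactly.
    return pattern == '*' or pattern == name


def lookup_secret(entries, local, remote):
    """Return the secret for a (local, remote) hostname pair, or None.

    Among the lines whose first two fields match, the most specific one
    (fewest wildcards) wins, with ties going to the earlier line.  That
    precedence rule is an assumption of this example, not taken from the
    man page, which only defines the wildcard itself.
    """
    best = None
    for local_pat, remote_pat, secret, _extra in entries:
        if _match(local_pat, local) and _match(remote_pat, remote):
            wildcards = (local_pat == '*') + (remote_pat == '*')
            if best is None or wildcards < best[0]:
                best = (wildcards, secret)
    return None if best is None else best[1]


if __name__ == "__main__":
    entries = parse_secrets(SAMPLE_SECRETS)
    for pair in (("gw", "winxp-box"), ("user1", "anything"), ("x", "y")):
        print(pair, "->", lookup_secret(entries, *pair))
```

Run against the constructed file, the exact pair resolves to "exact secret", a client named user1 talking to any host gets "mysecret" through the first wildcard line, and an unknown pair falls through to the catch-all line; a file with no catch-all returns None, which is the case to test for when a Windows client is rejected with no obvious error.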


