[Openswan Users] Issues with OpenSwan + L2TPD + NAT-T + Windows XP SP2

Henrique Machado henrique.cicuto at gmail.com
Wed Sep 24 14:35:23 EDT 2008


Here's my infrastructure:

Internet Device ========> INTERNET =========> Firewall 1 ===========>
Firewall 2/OpenSwan =========> Internal Network
(notebook, etc)

The idea is RoadWarrior VPN.
I had it working in the past when Firewall 2 was directly connected to

Both Firewall 1 and 2 are Debian 4.0.
OpenSwan and L2tpd are Debian's default packages in Firewall 2.

Following the log files, I've noticed that OpenSwan is working (the
VPN tunnel receives an ESTABLISHED status).
My IPTables rules direct the traffic to L2tpd only if the IPSec
connection is established.
I followed l2tpd's log file and saw something happening. I made it so
it would authenticate users with my AD inside Internal Network.
The problem is: my Windows XP SP2 client keeps receiving the message:
"It was not possible to verify the identity of the server."

Here's my l2tpd.log output (the important part):

sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5>
<magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x0 <magic 0x340539de>]
rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
sent [LCP ConfReq id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2>
<magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2>
<magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x54f60d20> <pcomp>
<accomp> <callback CBCP>]
sent [LCP ConfRej id=0x1 <callback CBCP>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x54f60d20> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x54f60d20> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x7b0b2099]
sent [CHAP Challenge id=0x67 <1182204a29200f53dc7c706cb272240a>, name
= "TrendsRW"]
rcvd [LCP Ident id=0x3 magic=0x54f60d20 "MSRASV5.10"]
rcvd [LCP Ident id=0x4 magic=0x54f60d20 "MSRAS-0-DHNFYCG1"]
rcvd [LCP EchoRep id=0x0 magic=0x54f60d20]
rcvd [CHAP Response id=0x67
name = "DOMAIN_NAME\\user_name"]
sent [CHAP Success id=0x67 "S=23FBBC2317F1C351DAAFEEB4A20B9C82249B2720
M=Access granted"]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr>]
rcvd [LCP TermReq id=0x5 "T\37777777766\r \000<\37777777715t\000\000\003\n"]
LCP terminated by peer (TM-v^M ^@<M-Mt^@^@^C^J)
sent [LCP TermAck id=0x5]
Terminating on signal 15
Modem hangup
Connection terminated.
Connect time 0.1 minutes.
Sent 16 bytes, received 0 bytes.

Any ideas?
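The pppd lines in a log like the one above encode the whole PPP state machine (LCP option negotiation, the authentication protocol the peer agreed to, CHAP challenge/response, then IPCP), and the useful question when a Windows client reports an error is simply how far the negotiation got before the link was torn down. The script below is an added example, not code from the post or from the Openswan or l2tpd projects; it parses the `sent`/`rcvd` entries as pppd writes them (one entry per line; the mail client wrapped the long ones) and reports the negotiated auth protocol, the auth outcome, the last phase reached, and who sent the LCP TermReq. The sample log is the post's own entries, rejoined onto single lines; the function and field names are the example's own.

```python
"""Parse pppd negotiation lines (as seen in l2tpd/pppd logs) and report how far
the PPP session got before it was torn down.  Added example, not pppd's code."""
import re

# Constructed sample: the pppd entries quoted in the post, one entry per line as
# pppd itself writes them.  Non-matching lines (e.g. "LCP terminated by peer")
# are simply skipped by the parser.
SAMPLE_LOG = r"""
sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x0 <magic 0x340539de>]
rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
sent [LCP ConfReq id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x7b0b2099> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x54f60d20> <pcomp> <accomp> <callback CBCP>]
sent [LCP ConfRej id=0x1 <callback CBCP>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x54f60d20> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x54f60d20> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x7b0b2099]
sent [CHAP Challenge id=0x67 <1182204a29200f53dc7c706cb272240a>, name = "TrendsRW"]
rcvd [LCP Ident id=0x3 magic=0x54f60d20 "MSRASV5.10"]
rcvd [LCP Ident id=0x4 magic=0x54f60d20 "MSRAS-0-DHNFYCG1"]
rcvd [LCP EchoRep id=0x0 magic=0x54f60d20]
rcvd [CHAP Response id=0x67 name = "DOMAIN_NAME\\user_name"]
sent [CHAP Success id=0x67 "S=23FBBC2317F1C351DAAFEEB4A20B9C82249B2720 M=Access granted"]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr>]
rcvd [LCP TermReq id=0x5 "T\37777777766\r \000<\37777777715t\000\000\003\n"]
LCP terminated by peer (TM-v^M ^@<M-Mt^@^@^C^J)
sent [LCP TermAck id=0x5]
Terminating on signal 15
Connection terminated.
"""

# direction, protocol, packet code, identifier, and the rest of the entry
LINE_RE = re.compile(r"^(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-fA-F]+)(.*)\]$")

# PPP phase each protocol belongs to, in the order the phases occur
PHASE_OF = {"LCP": "LCP", "PAP": "AUTH", "CHAP": "AUTH", "EAP": "AUTH",
            "CCP": "NCP", "IPCP": "NCP", "IPV6CP": "NCP"}
PHASE_RANK = {"LCP": 0, "AUTH": 1, "NCP": 2}


def parse_pppd_log(text):
    """Return a list of dicts, one per sent/rcvd entry, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            direction, proto, code, ident, rest = m.groups()
            events.append({"dir": direction, "proto": proto, "code": code,
                           "id": ident, "rest": rest.strip()})
    return events


def diagnose(events):
    """Walk the entries and record what the negotiation achieved before a TermReq."""
    report = {"auth_proto": None, "auth_result": None, "phase_reached": "LCP",
              "terminated_by": None, "term_after_auth": False}
    for ev in events:
        phase = PHASE_OF.get(ev["proto"], "LCP")
        if PHASE_RANK[phase] > PHASE_RANK[report["phase_reached"]]:
            report["phase_reached"] = phase
        # The peer's ConfAck of our ConfReq fixes the auth protocol it accepts.
        if ev["proto"] == "LCP" and ev["code"] == "ConfAck" and ev["dir"] == "rcvd":
            m = re.search(r"<auth ([^>]+)>", ev["rest"])
            if m:
                report["auth_proto"] = m.group(1)
        elif ev["proto"] in ("PAP", "CHAP", "EAP"):
            if ev["code"] in ("Success", "AuthAck"):
                report["auth_result"] = "success"
            elif ev["code"] in ("Failure", "AuthNak"):
                report["auth_result"] = "failure"
        if ev["proto"] == "LCP" and ev["code"] == "TermReq":
            report["terminated_by"] = "peer" if ev["dir"] == "rcvd" else "local"
            report["term_after_auth"] = report["auth_result"] == "success"
            break
    return report


def summary(report):
    """One-line human-readable verdict built only from what the log shows."""
    parts = []
    if report["auth_proto"]:
        parts.append(f"peer agreed to authenticate with {report['auth_proto']}")
    if report["auth_result"]:
        parts.append(f"authentication {report['auth_result']}")
    parts.append(f"negotiation reached the {report['phase_reached']} phase")
    if report["terminated_by"]:
        when = ("after successful authentication" if report["term_after_auth"]
                else "before authentication completed")
        parts.append(f"link terminated by {report['terminated_by']} {when}")
    return "; ".join(parts)


if __name__ == "__main__":
    print(summary(diagnose(parse_pppd_log(SAMPLE_LOG))))
```

Run against the entries above it reports that the peer accepted `chap MS-v2`, that the server sent CHAP Success, that IPCP had started, and that the peer (the Windows client) sent the TermReq. That places the teardown after authentication rather than at credential checking, which is the part of the negotiation worth examining next; the script deliberately does not guess at the cause, it only locates the break.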
