[Openswan Users] openswan + l2tp nat-t doesn't work

Reza ISSANY issanyr at olympecti.fr
Tue Apr 14 13:42:34 EDT 2009


I've just installed 2.4.14 + xl2tpd, but I have some problems getting the XP remote clients to work.
My net arch is: 

openswan 2.4.14 192.168.1.5/24 ----- gw 192.168.1.1/24 ----- public ip : 217.128.239.224 
-------- 
-------- 
public ip of the client ----- gw 192.168.7.1/24 ---- XP 192.168.7.2/24 

If I try to connect from the LAN (just to test my cert/key files), it works. So I'm sure of my certificate.

I have opened the ports 17 / 1701 / 500 / 4500 on the firewall.
But when my client connects, I get an error: "remote computer not responding"

My conf:
ipsec.conf 
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12:%v4:192.168.1.0/24
    nhelpers=0
    protostack=klips
    interfaces="ipsec0=eth0"

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior
    type=transport
    left=192.168.1.116
    leftnexthop=192.168.1.1
    leftsubnet=192.168.1.0/24
    leftcert=integration.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    pfs=no
    auto=add

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

xl2tpd.conf 
[global] 
port = 1701 
listen-addr = 192.168.1.116 

[lns default] 
ip range = 192.168.1.99-192.168.1.101 
local ip = 192.168.1.117 
require chap = yes 
refuse pap = yes 
require authentication = yes 
name = OCTIVPN 
ppp debug = yes 
pppoptfile = /etc/ppp/options.xl2tpd 
length bit = yes 

options.xl2tpd 
ipcp-accept-local 
ipcp-accept-remote 
ms-dns 192.168.1.153 
noccp 
auth 
crtscts 
idle 1800 
mtu 1410 
mru 1410 
nodefaultroute 
debug 
lock 
proxyarp 
connect-delay 5000 

Any idea how to resolve this?

Thanks for your help.

----- Original Message -----
From: "Paul Wouters" <paul at xelerance.com>
To: "Reza ISSANY" <issanyr at olympecti.fr>
Cc: users at openswan.org
Sent: Saturday 11 April 2009 18:29:08 GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
Subject: Re: [Openswan Users] openswan + l2tp nat-t doesn't work

On Sat, 11 Apr 2009, Reza ISSANY wrote: 

> Has anybody got openswan 2.21 + L2TP working with NAT-T?

There is no such thing as openswan 2.21. You should use openswan-2.4.14
until bug #1004 is addressed in the openswan 2.6.x series if you are using 
l2tp. 

Paul 