[Openswan Users] Problem distinguishing roadwarriors
Thomas Broda
broda at billiger-mietwagen.de
Sat Jan 3 12:47:50 EST 2009
Hi,
I have an annoying problem with my roadwarrior configuration. I've got
several Linux and Windows roadwarriors.
Regarding the Linux users, there are several entries in ipsec.conf like
the following one, of course with individual IDs:
conn roadwarrior-linux1
    authby=rsasig
    left=%defaultroute
    leftrsasigkey=%cert
    leftid="/C=DE/ [...]"
    leftcert=leftcertfile.pem
    leftsubnet=192.168.3.0/24
    right=%any
    rightrsasigkey=%cert
    rightid="/C=DE/ [...]"
    auto=add
The Linux users can establish connections without any problem.
Then, there's a standard config for the Windows users using the built-in
L2TP client:
conn roadwarrior-l2tp
    authby=secret
    rekey=no
    pfs=no
    keyingtries=1
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    auto=add
This config works fine, but only if it is the only roadwarrior entry in
ipsec.conf.
If ipsec.conf contains both kinds of configurations (several Linux
roadwarriors AND the Windows L2TP config), then connection attempts from
the Windows clients end up in the wrong configuration context. That is,
Openswan will try to apply the configuration from "conn
roadwarrior-linux1" (as an example) instead of using "conn roadwarrior-l2tp".
What do I need to change in order to make Openswan use the right
configuration for the Windows clients?
Cheers,
--
Thomas