[Openswan Users] Problem distinguishing roadwarriors

Thomas Broda broda at billiger-mietwagen.de
Sat Jan 3 12:47:50 EST 2009


Hi,

I have an annoying problem with my roadwarrior configuration. I've got
several Linux and Windows roadwarriors.

Regarding the Linux users, there are several entries in ipsec.conf like
the following one, of course with individual IDs:

conn roadwarrior-linux1
    authby=rsasig
    left=%defaultroute
    leftrsasigkey=%cert
    leftid="/C=DE/ [...]"
    leftcert=leftcertfile.pem
    leftsubnet=192.168.3.0/24
    right=%any
    rightrsasigkey=%cert
    rightid="/C=DE/ [...]"
    auto=add

The Linux users can establish connections without any problem.

Then, there's a standard config for the Windows users using the builtin
L2TP client:

conn roadwarrior-l2tp
    authby=secret
    rekey=no
    pfs=no
    keyingtries=1
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    auto=add

This config works fine, but only if it is the only roadwarrior entry in
ipsec.conf.

If ipsec.conf contains both kinds of configurations (several Linux
roadwarriors AND the Windows L2TP config), then connection attempts from
the Windows clients end up in the wrong configuration context. That is,
Openswan will try to apply the configuration from "conn
roadwarrior-linux1" (as an example) instead of using "conn roadwarrior-l2tp".

What do I need to change in order to make Openswan use the right
configuration for the Windows clients?

Cheers,

-- 
Thomas

