[Openswan Users] Openswan/xl2tpd issue with nated roadwarriors

Paul Wouters paul at xelerance.com
Sat Jun 20 12:41:18 EDT 2009

On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:

> I'm trying to setup a VPN Server with Openswan 2.6.14 and xl2tpd 1.2.4, in a Centos 5.2 with Kernel 2.6.29. I want to connect
> multiple roadwarriors (Windows XP and Windows Vista) that can or not be nated. First I tried with roadwarriors that are not
> nated, and it works fine. When I tried with roadwarriors that are nated, I added this line to my ipsec.conf file:

Due to bug #1004 you should probably use openswan 2.4.14.

> rightsubnet=vhost:%no,%priv
> (I have tried with rightid and leftid, the result is the same)
> Doing this my connections fails. In my /var/log/secure file I found this:
> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x74cb12e6 <0xb9e57168 xfrm=3DES_0-HMAC_MD5 NATOA=
> NATD= DPD=none}

Why is it tunnel mode? l2tp normally works with ipsec in transport mode.

> so, the connection with ipsec works.
> In my /var/log/messages file, I found this:
> Jun 10 16:45:39 VPN xl2tpd[4867]: Maximum retries exceeded for tunnel 59111.  Closing.
> Jun 10 16:45:47 VPN xl2tpd[4867]: Connection 1 closed to, port 1701 (Timeout)

This is probably because of bug #1004.

> Then I commented the line rightsubnet=vhost:%no,%priv (and rightid and leftid lines), and again my connection works!!!, but I
> need the connection with nated roadwarriors.

Does it work if you use: rightsubnet=vhost:%priv


More information about the Users mailing list