[Openswan Users] Openswan/xl2tpd issue with nated roadwarriors
Paul Wouters
paul at xelerance.com
Sat Jun 20 12:41:18 EDT 2009
On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:

> I'm trying to set up a VPN server with Openswan 2.6.14 and xl2tpd 1.2.4, on CentOS 5.2 with kernel 2.6.29. I want to connect
> multiple roadwarriors (Windows XP and Windows Vista) that may or may not be NATed. First I tried with roadwarriors that are not
> NATed, and it works fine. When I tried with roadwarriors that are NATed, I added this line to my ipsec.conf file:

Due to bug #1004 you should probably use openswan 2.4.14.

> rightsubnet=vhost:%no,%priv
>
> (I have tried with rightid and leftid, the result is the same)
>
> Doing this, my connection fails. In my /var/log/secure file I found this:
>
> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x74cb12e6 <0xb9e57168 xfrm=3DES_0-HMAC_MD5 NATOA=10.0.0.20
> NATD=190.154.77.1:4500 DPD=none}

Why is it tunnel mode? L2TP normally works with IPsec in transport mode.

> So, the connection with IPsec works.
>
> In my /var/log/messages file, I found this:
>
> Jun 10 16:45:39 VPN xl2tpd[4867]: Maximum retries exceeded for tunnel 59111. Closing.
>
> Jun 10 16:45:47 VPN xl2tpd[4867]: Connection 1 closed to 190.154.77.1, port 1701 (Timeout)

This is probably because of bug #1004.

> Then I commented out the line rightsubnet=vhost:%no,%priv (and the rightid and leftid lines), and again my connection works!!!, but I
> need the connection with NATed roadwarriors.

Does it work if you use: rightsubnet=vhost:%priv

Paul
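
Added example, not part of the original message or of Openswan: a small Python parser for the pluto "IPsec SA established" line quoted above, which flags the tunnel-mode and NAT-T details the reply points at. The function names and the reading of `=>` / `<` as outbound / inbound SPI are assumptions of this example.

```python
import re

# Constructed sample: the log line quoted in the message, joined onto one line.
SAMPLE = ("STATE_QUICK_R2: IPsec SA established tunnel mode "
          "{ESP/NAT=>0x74cb12e6 <0xb9e57168 xfrm=3DES_0-HMAC_MD5 "
          "NATOA=10.0.0.20 NATD=190.154.77.1:4500 DPD=none}")

SA_RE = re.compile(
    r"(?P<state>STATE_QUICK_[IR]\d): IPsec SA established "
    r"(?P<mode>tunnel|transport) mode \{(?P<body>[^}]*)\}")


def parse_sa_line(line):
    """Return a dict of fields from an 'IPsec SA established' line, or None."""
    m = SA_RE.search(line)
    if not m:
        return None
    sa = {"state": m.group("state"), "mode": m.group("mode"), "nat_t": False}
    for token in m.group("body").split():
        if "=>" in token:            # e.g. ESP/NAT=>0x74cb12e6
            proto, spi = token.split("=>", 1)
            sa["proto"], sa["spi_out"] = proto, spi
            sa["nat_t"] = proto.endswith("/NAT")
        elif token.startswith("<"):  # e.g. <0xb9e57168
            sa["spi_in"] = token[1:]
        elif "=" in token:           # xfrm=, NATOA=, NATD=, DPD=
            key, value = token.split("=", 1)
            sa[key.lower()] = value
    return sa


def review_for_l2tp(sa):
    """List the points worth checking when this SA is meant to carry L2TP."""
    findings = []
    if sa["mode"] != "transport":
        findings.append("SA is in %s mode; L2TP normally runs over IPsec "
                        "transport mode" % sa["mode"])
    if sa["nat_t"]:
        findings.append("NAT traversal in use: NATD=%s NATOA=%s"
                        % (sa.get("natd"), sa.get("natoa")))
    return findings


if __name__ == "__main__":
    for finding in review_for_l2tp(parse_sa_line(SAMPLE)):
        print(finding)
```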