[Openswan Users] Client VPN on Vista OS

Sasa sasa at shoponweb.it
Fri Oct 30 13:25:31 EDT 2009


Also with WIndows 7 I have the same error message, only with Windows XP Pro 
I haven't problem and the vpn connection is ok.
But there is a vpn client that support l2tp over ipsec ? I think that my 
problem is that Vista/7 aren't supported l2tp over ipsec.
Thanks.

------

   Salvatore.


----- Original Message ----- 
From: "Sasa" <sasa at shoponweb.it>
To: "Paul Wouters" <paul at xelerance.com>
Cc: <users at openswan.org>
Sent: Monday, October 19, 2009 9:47 AM
Subject: Re: [Openswan Users] Client VPN on Vista OS


> Hi, my ip address space are:
>
> 85.18.z.k= ip public on vpn server
> 10.0.0.100= ip private on vpn server
> 89.97.x.y= ip public on that remote vpn client
> 10.0.1.221= ip private on that remote vpn client
>
> ..now in ipsec.conf I have:
>
> virtual_private=%v4:0.0.0.0/0,%v4:!10.0.0.0/24
>
> ..but also with this parameter I have error in log file:
>
> Oct 19 10:40:13 fw pluto[20921]: "left-road"[2] 89.97.x.y #6: I did not 
> send
> a certificate because I do not have one.
> Oct 19 10:40:13 fw pluto[20921]: "left-road"[2] 89.97.x.y #6: transition
> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Oct 19 10:40:13 fw pluto[20921]: "left-road"[2] 89.97.x.y #6: 
> STATE_MAIN_R3:
> sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Oct 19 10:40:13 fw pluto[20921]: "left-road"[2] 89.97.x.y #6: cannot 
> respond
> to IPsec SA request because no connection is known for
> 85.18.z.k...89.97.x.y[10.0.1.221]===10.0.1.221/32
> Oct 19 10:40:13 fw pluto[20921]: "left-road"[2] 89.97.x.y #6: sending
> encrypted notification INVALID_ID_INFORMATION to 89.97.x.y:4500
>
> ..where is my error ?
> Thanks.
>
> ------
>
>   Salvatore.
>
>
>
>
>
>
> ----- Original Message ----- 
> From: "Paul Wouters" <paul at xelerance.com>
> To: "Sasa" <sasa at shoponweb.it>
> Cc: <users at openswan.org>
> Sent: Friday, October 16, 2009 3:32 PM
> Subject: Re: [Openswan Users] Client VPN on Vista OS
>
>
>> On Fri, 16 Oct 2009, Sasa wrote:
>>
>>> the address space is this:
>>>
>>> 85.18.z.k= ip public on vpn server
>>> 89.97.x.y= ip public on that remote vpn client
>>> 10.0.1.221= ip private on that remote vpn client
>>>
>>> I have tried with this parameter:
>>> virtual_private=%v4:0.0.0.0/0,%v4:!10.0.1.0/24
>>>
>>> ..but in log file I have always:
>>
>>> Oct 16 14:47:32 fw pluto[22744]: "left-road"[2] 89.97.x.y #6: cannot
>>> respond to IPsec SA request because no connection is known for
>>> 85.18.z.k...89.97.x.y[10.0.1.221]===10.0.1.221/32
>>
>> Oh. i didnt realise 85.18.z.k was the server.
>>
>> Your virtual_private= should include the addresses that may appear 
>> NAT'ed.
>> It
>> should exclude any IP ranges used *behind* the server. You did not list
>> any
>> in this email. But lets say your vpn server has an internal address in
>> 192.168.0.0/24
>> then you could use virtual_private=%v4:0.0.0.0/0,%v4:!192.168.0.0/24 to
>> disallowe clients connecting with conflicting IP addresses from the 
>> server
>> side
>> network.
>>
>> Paul
>>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 



More information about the Users mailing list