[Openswan Users] OpenSwan + xl2tpd not working

Pete Mitchell Ghostryder at gmx.de
Wed Aug 18 11:11:12 EDT 2010 

Hi Paul,

thanks for that! Still, iPhone is able to connect, but the XP machine always gets error 678...

Regards,
g.

-------- Original-Nachricht --------
> Datum: Wed, 18 Aug 2010 10:53:12 -0400 (EDT)
> Von: Paul Wouters <paul at xelerance.com>
> An: Pete Mitchell <Ghostryder at gmx.de>
> CC: users at openswan.org
> Betreff: Re: [Openswan Users] OpenSwan + xl2tpd not working

> On Wed, 18 Aug 2010, Pete Mitchell wrote:
> 
> > I've upgraded to openswan-2.6.28. I've successfully connected to the
> server from my iPhone using L2TP as VPN. However, the connection from a
> Windows XP SP3 machine using the internal VPN client still fails. The l2tpd is
> still not getting any requests. When using the iPhone I can nicely see how
> the xl2tpd responds to the requests but for the XP machine nothing at all
> happens.
> >
> > The tunnel is established successfully as I'm getting the messages in
> /var/log/auth.log. But as I said xl2tpd is not fired up, for whatever reason.
> 
> >       
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
> 
> you prob need to exclude your server range here.
> 
> > conn FIRST_TEST
> >        authby=secret
> >        pfs=no
> >        auto=add
> >        keyingtries=3
> >        rekey=no
> >        type=transport
> >       
> ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-m                                                                    
>         
> d5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1                                                            
>                  024
> >        esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
> 
> I would remove the ike/esp lines as they are not needd.
> 
> >        left=%defaultroute
> >        leftnexthop=%defaultroute
> >        leftprotoport=udp/l2tp
> >        right=%any
> >        rightprotoport=udp/0
> 
> Use udp/%any instead of udp/0
> 
> >        rightnexthop=%defaultroute
> 
> You are also missing a rightsubnet=vhost:%priv,%no
> 
> Paul
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-- 
Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!  
Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail

More information about the Users mailing list