[Openswan Users] Mac OS X Roadwarrior IPSEC/L2TP fails second connection
Anthony Lester
alester at free.fr
Thu May 27 11:41:33 EDT 2010
Hi All,

Anybody any ideas about my reconnection problem? For the moment I
need to restart ipsec to connect a second time, which is not a very
reliable solution for me. I'd be very grateful for any hints.

I've just upgraded to Openswan 2.6.26 and I also upgraded my kernel
since it was previously rather old and I thought this could be an issue
(I am now on 2.6.27). However I still have the problem.

Best regards
Anthony

On 18 Mar 2010, at 20:49, Anthony Lester wrote:
> Hello,
>
> I have set up an IPSEC/L2TP VPN server using Openswan 2.6.24 and xl2tpd
> 1.2.4 on a machine in my home network which is behind a NAT router. I
> then try to connect from a Mac OS X laptop on a public WiFi network.
> The first connection works fine, but if I disconnect then try to
> reconnect, I get a message that there is no reply from the server. If
> I then restart ipsec on the server, I can connect again.
>
> After analyzing logs on both sides and looking at tcpdump results it
> seems that when the connection fails the L2TP negotiation is not
> working. Specifically the SCCRP reply from the server is being sent to
> the client unencrypted (i.e. not through the IPSEC connection) and so
> it is not seen by the client.
>
> Anybody any ideas?
>
> My configuration is as follows:
>
> version 2.0
>
> config setup
>     interfaces=%defaultroute
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24
>     protostack=netkey
>
> conn %default
>     keyingtries=5
>     compress=yes
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     rightca=%same
>
> conn roadwarrior-l2tp
>     leftprotoport=17/1701
>     rightprotoport=17/%any
>     also=roadwarrior
>
> conn roadwarrior
>     left=%defaultroute
>     leftcert=alester.hd.free.fr.pem
>     leftsubnet=192.168.1.0/24
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     pfs=no
>     auto=add
>
> + all the auto=ignore stuff to disable oe
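
A check for the symptom described in the quoted message, as an added example that is not part of the original thread: it scans `tcpdump -n` text output taken on the server's outside interface and reports L2TP packets the server sent on UDP/1701 instead of inside ESP. The addresses and capture lines are constructed, and tcpdump's default one-line text format is assumed.

```python
import re

# Default one-line `tcpdump -n` format: "<time> IP <src>.<port> > <dst>.<port>: <rest>"
PKT = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
MSGTYPE = re.compile(r"MSGTYPE\((\w+)\)")

def find_cleartext_l2tp(lines, server_ip):
    """Return (timestamp, destination, message type) for each L2TP packet
    that left server_ip on UDP/1701 without IPsec protection."""
    leaks = []
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue
        # Only outbound packets count. With protostack=netkey an inbound packet
        # appears twice in a capture (as ESP, then again decrypted), so inbound
        # cleartext UDP/1701 is normal. Outbound traffic is captured after
        # encryption, so a protected reply shows up as ESP on port 4500 only.
        if m["src"] != server_ip or m["sport"] != "1701":
            continue
        kind = MSGTYPE.search(m["rest"])
        leaks.append((m["ts"], m["dst"], kind.group(1) if kind else "data"))
    return leaks

# Constructed capture: first connection (reply goes out as ESP), then a
# reconnect where the SCCRP reply leaves in the clear.
SAMPLE = """\
20:49:01.100000 IP 203.0.113.7.4500 > 192.168.1.10.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 148
20:49:01.100050 IP 203.0.113.7.53201 > 192.168.1.10.1701:  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0)
20:49:01.101000 IP 192.168.1.10.4500 > 203.0.113.7.4500: UDP-encap: ESP(spi=0x4d5e6f70,seq=0x1), length 132
20:51:30.200000 IP 203.0.113.7.4500 > 192.168.1.10.4500: UDP-encap: ESP(spi=0x1122aabb,seq=0x1), length 148
20:51:30.200050 IP 203.0.113.7.53201 > 192.168.1.10.1701:  l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0)
20:51:30.201000 IP 192.168.1.10.1701 > 203.0.113.7.53201:  l2tp:[TLS](14/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0)
"""

if __name__ == "__main__":
    for ts, dst, kind in find_cleartext_l2tp(SAMPLE.splitlines(), "192.168.1.10"):
        print(f"{ts} cleartext L2TP {kind} sent to {dst}")
```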