[Openswan Users] IPsec+L2TP connects the first time. Then doesn't...
Troy Telford
ttelford.groups at gmail.com
Mon Sep 20 18:44:44 EDT 2010
On 2010-09-20 16:01:20 -0600, Troy Telford said:
> On 2010-09-15 11:29:16 -0600, Paul Wouters said:
>
>> On Tue, 14 Sep 2010, Troy Telford wrote:
>>
>>> in my ipsec.conf:
>>>
>>> I had:
>>> rightprotoport=17/1701
>>>
>>> I needed:
>>> rightprotoport=17/0
>>
>> You should probably actually have 17/%any
>
> I've tried 17/%any, however when I have 17/%any, I can only connect the
> first time; subsequent attempts fail. 17/0, however, does work.

I feel a need to clarify: IPsec connects and seems to be working with
17/%any and 17/0. With either setting, I get "IPsec SA established
transport mode" whenever I connect - which tells me the IPsec part is
working.

However, for some reason xl2tpd won't connect after the first
connection is made (and/or broken) if I use 17/%any. If I have 17/0,
then xl2tpd will connect each time.

It may be my client; I use OS X 10.6's built-in L2TP client, and use
certificates to authenticate.

Oddly enough: With an iOS device (i.e. my iPhone) and IPsec + PSK
(since the iPhone can't do certificates and L2TP), 17/%any works fine,
time after time.

> Is there any particular disadvantage to using 17/0 ? (Because 17/%any
> just isn't working for me...)
--
Troy Telford