[Openswan Users] Openswan 2.6.32 / xl2tpd not working with Windows XP

Paul Wouters paul at xelerance.com
Thu Jan 6 23:43:26 EST 2011


On Thu, 6 Jan 2011, Jai Dhar wrote:

>> Odd. because the logs you showed in the previous mail shows a successful
>> negotiation WITH NAT set. Are you sure this XP is fully upgraded?
>
> I'm guessing this line indicates a successful negotiation:
> Jan  5 22:40:06 viammc pluto[31255]: "L2TP-PSK-NAT"[2] 192.168.1.1 #1:
> STATE_MAIN_R3: sent MR3, ISAKMP SA established

No, that's only phase1. Look for the "IPsec SA established" line.

> Now, how do I check if XP is upgraded, and upgraded to what
> specifically? System Properties shows Versions 2002, Service Pack 3.

I dont try. Try a system update? :)

>> This is some bug that requires more attention, likely an openswan bug. But
>> what you see is our workaround for this being triggered, so I was expecting
>> this to work...
>
> Can you answer this... for the XP using internal IP case, is the
> traffic supposed to be encapsulated over UDP?

I am not sure what "internal IP" case is. You showed:

>> STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x96a05f3a
>> <0x59e7df1b xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.108
>> NATD=192.168.1.1:4500 DPD=none}

Since NATD and NATOA is not "none", this means UDP encapsulation is negoatiated
and expected.

> I also don't know if this could be related to my previous post where
> ipsec requires a restart everytime I'm finished with a connection.

New connections should replace the older ones, so I am not sure why you see this.

Paul


More information about the Users mailing list