[Openswan Users] [SPAM-HEADER -] - ipsec destroyed by android

Spacelee fjctlzy at gmail.com
Tue Jan 11 01:57:45 EST 2011 

On Tue, Jan 11, 2011 at 2:45 PM, Pascal Fuks <Pascal at financial-art.be>wrote:

> Hello,
> Could you share your configurations?
> I suppose that it has to do with dead peer detection.
> Add the following line in your OpenSwan connection config, then restart
> OpenSwan:
>
> dpddelay=40
> dpdtimeout=130
> dpdaction=clear
>
>
vi /etc/ipsec.d/L2TP-PSK-NAT.conf

conn L2TP-PSK-NAT
        overlapip=yes
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
#       keyingtries=3
        rekey=no
        ikelifetime=8h
        keylife=1h
        type=transport
        left=my public ip
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        dpddelay=40
        dpdtimeout=130
        dpdaction=clear



# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        # Enable this if you see "failed to find any available worker"
        nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and
uncomment this.
include /etc/ipsec.d/*.conf





Regards
> Pascal Fuks
> Network & Security Consultant,
> CEO / Administrateur délégué,
>
> Tel. : +32 2 387 08 00
> Fax : +32 2 387 07 06
> Email : pascal at financial-art.be
> IM: pascal at financial-art (MSN)
> Free/Busy Time: http://tinyurl.com/pfukscal
>
> <http://www.financial-art.be/>
> www.financial-art.be
> Avant d’imprimer cet email, réfléchissez à l’impact sur l’environnement.
> Please consider the environment before printing this mail.
>
>
>
> From: Spacelee <fjctlzy at gmail.com>
> Reply-To: <fjctlzy at gmail.com>
> Date: Tue, 11 Jan 2011 12:39:51 +0800
> To: users <users at openswan.org>
> Subject: [SPAM-HEADER -] - [Openswan Users] ipsec destroyed by android
>
> I have htc hero with android 2.1
> and I setup a xl2tp+openswan(newest)
> it's ok when I connect from mac os, windows....
> it's ok when I connect from android, BUT, then, I couldn't connect from mac
> os or windows any more...
> have you met such problem before?
>
> --
> *Space Lee*
>
> _______________________________________________ Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users Micropayments:
> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy Building and
> Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> **** DISCLAIMER ****
>
> "This e-mail and any attachment thereto may contain information which is
> confidential and/or protected by intellectual property rights and are
> intended for the sole use of the recipient(s) named above.
> Any use of the information contained herein (including, but not limited to,
> total or partial reproduction, communication or distribution in any form) by
> other persons than the designated recipient(s) is prohibited.
> If you have received this e-mail in error, please notify the sender either
> by telephone or by e-mail and delete the material from any computer".
>
> Thank you for your cooperation.
>
> * This e-mail was scanned against known viruses by MDaemon-DKAV
>



-- 
*Space Lee*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110111/e03ff837/attachment.html

More information about the Users mailing list