[Openswan Users] Problem in IPSEC L2TP connectivity
heta45 at gmail.com
Sat Sep 10 00:36:00 EDT 2011
Thanks for the reply. I have done this setting, but it is still doing one-way
communication. I can connect to the server from the client, but from the server I am
able to connect client; I am not able to ping the client from the server side.
On Sat, Sep 10, 2011 at 1:57 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Fri, 9 Sep 2011, heta shah wrote:
>> I have configured IPSEC and L2TP on an Ubuntu system. I want to
>> configure a road warrior setup. In this my VPN is working fine.
>> The Windows system is connected with the Ubuntu VPN server and I can connect with
>> the VPN server from the Windows VPN client, but I cannot connect,
>> I mean cannot ping, to the Windows VPN client from the Ubuntu VPN server. This is my
>> configuration of the Ubuntu VPN server.
> You might need to tweak the registry on Windows as your Linux VPN server is
> behind NAT (if I read
> your config below correctly)
>> conn L2TP-PSK-noNAT
>> # Configuration for one user with any type of IPsec/L2TP client
>> # including the updated Windows 2000/XP (MS KB Q818043), but
>> # excluding the non-updated Windows 2000/XP.
>> # Use a Preshared Key. Disable Perfect Forward Secrecy.
>> # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
>> # YourIPAddress %any: "sharedsecret"
>> # we cannot rekey for %any, let client rekey
>> # Apple iOS doesn't send delete notify so we need dead peer
>> # to detect vanishing clients
>> # Set ikelifetime and keylife to same defaults windows has
>> # l2tp-over-ipsec is transport mode
>> # For updated Windows 2000/XP clients,
>> # to support old clients as well, use leftprotoport=17/%any
> That should normally be 17/1701, unless your NAT gateway is doing something
>> # The remote user.
>> # Using the magic port of "%any" means "any one single port". This is
>> # a workaround required for Apple OSX clients that use a randomly
>> # high port.
> You are missing rightsubnet=vhost:%priv,%no
> Your "config setup" also needs to have:
>> # Secrets for authentication using CHAP
>> # client server secret IP addresses
>> username * "password" *
>> * username "password" *
> Don't you want that last column to be something like 192.168.5.0/24 ?
Thanks and Regards.