[Openswan Users] L2TP-PSK to iPhone/OSX/Win7

Pete Ashdown pashdown at xmission.com
Tue Sep 27 13:32:57 EDT 2011

Your configuration would work if you're connecting from a NAT network. 
OSX/iPhone doesn't have any problems with that.  It is when you connect
from a public address that you have problems.  You either need to have
forceencaps=yes or nat_traversal off for public to work.  I'm trying to get
both working at the same time.

Paul, this issue is unrelated to this bug, right?  It seems similar:


On 09/26/2011 05:47 PM, Willie Gillespie wrote:
> On Mon, 26 Sep 2011, Pete Ashdown wrote:
>> With some help from Paul, I was able to get OSX Lion to connect the following configuration.  iPhone also works:
>> Any thoughts are appreciated.
> The only differences between my config and yours are the following 
> (snipped to just the differences):
>          rightsubnet=vhost:%priv
>          # Apple iOS doesn't send delete notify so we need dead peer detection
>          # to detect vanishing clients
>          dpddelay=10
>          dpdtimeout=90
>          dpdaction=clear
>          # Set ikelifetime and keylife to same defaults Windows has
>          ikelifetime=8h
>          keylife=1h
>          # l2tp-over-ipsec is transport mode
>          type=transport
> You have rightsubnet=vhost:%no,%priv where mine doesn't have the %no.  I 
> can't recall right now what that does.

%no = public addresses,  %priv = private addresses
