[Openswan Users] Openswan 2.6.38 and Windows XP breaking everything!

Bart Swedrowski bart at timedout.org
Tue Apr 17 03:59:37 EDT 2012


On 17 April 2012 03:53, Willie Gillespie <wgillespie+openswan at es2eng.com> wrote:
> My configs have rightprotoport=17/0 instead of 17/%any with the following
> note (which I'm not sure if it's an old note, or current)
>
> # Using the magic port of "0" means "any one single port". This is
> # a work around required for Apple OSX clients that use a randomly
> # high port, but propose "0" instead of their port.
>
> That should fix the one warning you got.

Sadly it didn't fix the warning. It changed, though, to:

Apr 17 08:57:06 vpn02 pluto[28085]: "L2TP-PSK-NAT"[2] 1.2.3.4 #2:
netlink_raw_eroute: WARNING: that_client port 0 and that_host port
64816 don't match. Using that_client port.

The rest is still the same, the policy that jumps in when I connect
from the XP box looks like:

src 5.6.7.8/32 dst 1.2.3.4/32 proto udp sport 1701
	dir out priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16397 mode transport
src 192.168.107.20/32 dst 5.6.7.8/32 proto udp dport 1701
	dir in priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16397 mode transport

And once I have disconnected the XP host the following one stays:

src 5.6.7.8/32 dst 1.2.3.4/32 proto udp sport 1701
	dir out priority 2080 ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16397 mode transport

> I also have a note with the following settings:
> # Apple iOS doesn't send delete notify so we need dead peer detection
> # to detect vanishing clients
>
>        dpddelay=10
>        dpdtimeout=90
>        dpdaction=clear

Thanks for that - I will add that in.

Also, thank you for the follow-up.

Any other suggestions, chaps?
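The lingering `dir out` policy in the dump above is easy to miss by eye when a box has many clients. As an added example (not from the thread or the Openswan project), this script parses `ip xfrm policy` output in the format pasted above and flags reqids whose outbound policy has no inbound counterpart, which is what a vanished client without DPD leaves behind. The sample dumps are constructed from the output in the mail, and `check_live_host` is a hypothetical helper name.

```python
# Added example: detect XFRM policies orphaned by a vanished L2TP/IPsec client.
import re
import subprocess
from collections import defaultdict

# Constructed samples mirroring the thread: both directions while the XP host
# is connected, and the stale outbound policy left after it disconnected.
SAMPLE_CONNECTED = (
    "src 5.6.7.8/32 dst 1.2.3.4/32 proto udp sport 1701\n"
    "\tdir out priority 2080 ptype main\n"
    "\ttmpl src 0.0.0.0 dst 0.0.0.0\n"
    "\t\tproto esp reqid 16397 mode transport\n"
    "src 192.168.107.20/32 dst 5.6.7.8/32 proto udp dport 1701\n"
    "\tdir in priority 2080 ptype main\n"
    "\ttmpl src 0.0.0.0 dst 0.0.0.0\n"
    "\t\tproto esp reqid 16397 mode transport\n"
)
SAMPLE_AFTER_DISCONNECT = "".join(SAMPLE_CONNECTED.splitlines(True)[:4])

def parse_policies(text):
    """Return one dict per policy block: src, dst, dir and reqid."""
    policies, current = [], None
    for line in text.splitlines():
        if not line.startswith(("\t", " ")):  # unindented line = new policy
            m = re.match(r"src (\S+) dst (\S+)", line)
            current = {"src": m.group(1), "dst": m.group(2), "dir": None, "reqid": None} if m else None
            if current:
                policies.append(current)
            continue
        if current is None:
            continue
        if m := re.search(r"\bdir (\w+)", line):
            current["dir"] = m.group(1)
        if m := re.search(r"\breqid (\d+)", line):
            current["reqid"] = int(m.group(1))
    return policies

def orphaned_reqids(policies):
    """reqids with an outbound policy but no inbound counterpart."""
    dirs = defaultdict(set)
    for p in policies:
        if p["reqid"] is not None and p["dir"]:
            dirs[p["reqid"]].add(p["dir"])
    return sorted(r for r, d in dirs.items() if "out" in d and "in" not in d)

def check_live_host():
    """Run `ip xfrm policy` on this box and return orphaned reqids (hypothetical helper)."""
    out = subprocess.run(["ip", "xfrm", "policy"], capture_output=True, text=True, check=True).stdout
    return orphaned_reqids(parse_policies(out))
```

Run `check_live_host()` from cron after a client's session should have ended; a non-empty list means the `dpdaction=clear` path did not fire and the policy needs clearing by hand.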