[Openswan Users] L2TP/IPSec not working without NAT
Muenz, Michael
m.muenz at spam-fetish.org
Mon Apr 30 18:02:03 EDT 2012
On 30.04.2012 17:21, Tuomo Soini wrote:
> On Mon, 30 Apr 2012 08:10:32 +0200
> "Muenz, Michael"<m.muenz at spam-fetish.org> wrote:
>
>> Any ideas?
> Yes. Remove the last line from conn l2tp-X.509.
>
Sorry, I already removed this line. I copied the configuration from my
last mail, but in production it's
conn l2tp-X.509-nat
    rightsubnet=vhost:%priv
    also=l2tp-X.509

conn l2tp-X.509
    authby=rsasig
    pfs=no
    auto=add
    rekey=no
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=Y.Y.Y.Y
    leftid=%fromcert
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/ipsec-gw.XY.com.cer
    leftprotoport=17/1701
    right=%any
    rightca=%same
    rightrsasigkey=%cert
    rightprotoport=17/%any
In conn %default I have "leftsubnet=0.0.0.0/0", will that cause any errors?
Thanks
Michael