[Openswan Users] Openswan & ipsec-tools incompatible?

Paul Wouters pwouters at redhat.com
Sun Feb 12 13:57:28 EST 2012


On Sun, 12 Feb 2012, Patrick Lists wrote:

> I have been trying to figure out why Android 4.0.x (ICS) can not connect to 
> openswan-2.6.32-9.el6 on a CentOS 6.2 x86_64 box. Android ICS uses 
> ipsec-tools 0.8.0 (current git). So I installed ipsec-tools 0.8.0 on the 
> CentOS 6.2 box, configured it, on the phone started the IPsec/L2TPD profile 
> and the IPsec part works fine. Part of log:

It might all be a configuration issue. I was hunting down the iPhone
public IP bug when I wrote a patch, but I'm not sure if it is needed. Try
using:

 	virtual_private=%v4:0.0.0.0/0,%v4:!1.2.3.0/24,%v4:!192.168.0.0/24

where 1.2.3.0/24 is your L2TP server's public IP, and 192.168.0.0/24 is
what you hand out over L2TP. Of course along with:

 	rightsubnet=vhost:%priv,%no

I still needed to test if just that would be enough, or if the patch I
lost actually fixed something more.

You might see a difference in testing due to NAT being present or not.

Paul
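
The following is an added example, not part of the original message and not Openswan code. It is a simplified Python model of how the suggested virtual_private= list, together with rightsubnet=vhost:%priv,%no, decides whether a client's proposed address is accepted; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# The value suggested in the message above.
SPEC = "%v4:0.0.0.0/0,%v4:!1.2.3.0/24,%v4:!192.168.0.0/24"

def parse_virtual_private(spec):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in spec.split(","):
        family, _, net = item.strip().partition(":")
        if family not in ("%v4", "%v6"):
            raise ValueError(f"unexpected entry: {item!r}")
        # A leading '!' marks a network that must never be accepted.
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def _inside(net, nets):
    """True if net is fully contained in any network of the same family."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)

def vhost_accepts(proposed, peer_ip, spec, methods=("%priv", "%no")):
    """Model of rightsubnet=vhost:%priv,%no (assumed semantics).

    %no   - client is not behind NAT and proposes its own address as a host
    %priv - proposal lies in an allowed network and in no excluded one
    """
    net = ipaddress.ip_network(proposed)
    peer = ipaddress.ip_address(peer_ip)
    if "%no" in methods and net.num_addresses == 1 and net.network_address == peer:
        return True
    if "%priv" in methods:
        allowed, excluded = parse_virtual_private(spec)
        return _inside(net, allowed) and not _inside(net, excluded)
    return False

if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed client public address
    for proposal in ("10.20.30.40/32",    # client behind NAT
                     "192.168.0.50/32",   # collides with the L2TP pool
                     "1.2.3.9/32",        # collides with the server's network
                     "198.51.100.7/32"):  # no NAT, own address
        print(proposal, vhost_accepts(proposal, peer, SPEC))
```

The two excluded ranges keep a client from claiming an address in the server's own network or in the pool handed out over L2TP, which matters once 0.0.0.0/0 is allowed.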

