[Openswan Users] Issue matching MAC + Windows clients (L2TP/IPSec-PSK)
wgillespie+openswan at es2eng.com
Wed May 30 11:54:48 EDT 2012
With 2.6.38, I didn't need to use forceencaps=yes any longer for Apple
clients. I use the same conn for Windows and Apple clients.
I don't have rightsubnetwithin. I'm not sure what that is.
rightprotoport=17/0 (although you could try /%any also)
Under the NAT connection, I simply have:
Hope that helps.
On 05/29/2012 08:34 PM, Martin Lambev wrote:
> Hello I've red here
> and here <http://comments.gmane.org/gmane.network.openswan.user/20373>
> about troubles matching other connections exept the one that is first in
> the list when I use forceencaps=yes because MacOS requires that to
> connect behind NAT. But Windows clients refuse to connect if there is
> forceencaps=yes in the config.
> I can't make all clients to be happy and connect just fine - either
> Windows is connecting fine and Mac can't or the opposite.
> Here is my ipsec.conf, one of them I try many variations of the config
> options and order but always end up with the above result.
> # basic configuration
> config setup
> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> # Enable this if you see "failed to find any available worker"
> # nhelpers=0
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and
> uncomment this.
> #include /etc/ipsec.d/*.conf
> conn %default
> conn WIN-L2TP-PSK-NAT
> leftprotoport=17/1701 # here I try 0 for Windows XP and %any for
> matching both old and new WinOS'es
> conn APPLE-L2TP-PSK-NAT
> conn L2TP-PSK-noNAT
> I'm not experienced in using ipsec, can you pleas advise me what is the
> I'm ruining on CentOS 6.2 x64, I try with "*openswan.x86_64
> 0:2.6.32-12.el6_2"* and also compile form source *v.2.6.38*, end up with
> the same results.
> Any help will be appreciate!
> Best regards,
> Users at lists.openswan.org
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users