[Openswan Users] Roadwarrior setup to Draytek Vigor
Daniel Cave
dan.cave at me.com
Wed Feb 27 07:31:53 EST 2013
I have a setup with Openswan/CentOS5.6 --> Draytek 2820n, using straight IPsec, no L2TP. It works fine.
I'm not using L2TP at all - the Draytek connects (initiates) to the Openswan box.
On 27 Feb 2013, at 09:10, Muenz, Michael wrote:
> Hey Thorsten,
>
> On 27.02.2013 08:23, Thorsten Meinl wrote:
>> Roadwarrior behind NAT (currently 192.168.0.11) <-->
>> VPN gateway (212.126.160.54) <-->
>> private network (172.17.17.0/24)
>
> Where is the relation to Draytek? The client behind Draytek initiates the connection?
>
>> conn zurich
>>     authby=rsasig
>>     pfs=no
>>     rekey=yes
>>     keyingtries=3
>>     type=tunnel
>>     left=%defaultroute
>>     leftprotoport=17/1701
>>     leftrsasigkey=%cert
>>     leftcert=knime-vpn.pem
>>     right=212.126.160.54
>>     rightid="C=CH, ..."
>>     rightprotoport=17/1701
>>     rightcert=knime-router.pem
>>     rightsubnet=172.17.17.0/24
>>     auto=start
>
> This is not a RW setup?
>>
>> However, when I ping any of the hosts in the private network, e.g.
>> 172.17.17.2, I don't see any encrypted packages in tcpdump/wireshark, but
>> only direct connections. In the end I get "Destination Net Unreachable"
>> from the roadwarrior's NAT router. What am I doing wrong here?
>>
>>
> Don't get it, which device initiates the VPN? conn zurich uses l2tp setup, don't think the Draytek supports it.
>
> Michael
>
> --
> www.muenz-it.de
> - Cisco, Linux, Networks
Regards
Dan.