[Openswan Users] Questions about my ipsec.conf config for Android, iOS, and Windows7 roadwarriors
users-bounces at lists.openswan.org
Fri Sep 20 18:07:41 UTC 2013
Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Lawrence Chiu <Lawrence_Chiu_TX3 at yahoo.com>
Subject: Questions about my ipsec.conf config for Android, iOS, and Windows7 roadwarriors
Date: 20 September, 2013 2:05:19 PM EDT
To: users at lists.openswan.org
I was following the setup tutorial to set up an Openswan L2TP-IPSEC with PSK at this link:
http://samsclass.info/ipv6/proj/proj-L5-VPN-Server.html
The /etc/ipsec.conf file looks like this. I used the example provided, changing only the line "left=YOUR.SERVER.IP.ADDRESS" to "left=192.168.0.50" which is the eth0 of my server. Everything else was the same.
=== /etc/ipsec.conf
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
===
It does not work as-is with an Android client. The first question is regarding the line "rightsubnet=vhost:%priv". If I delete that line, it works with Android. What is the implication of removing this line?
The second question is regarding an iPad client. It doesn't work at all, unless I add: "forceencaps=yes" and "dpdaction=clear". What do these do?
The third and last question is regarding a Windows 7 client. It does not work at all, even after the registry hack here: http://support.microsoft.com/kb/926179/en-us
I set AssumeUDPEncapsulationContextOnSendRule=2 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
which meant: A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
But it still doesn't work, giving out an error code 809.
Error Description: 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
So the last question is how to get Windows 7 to work. Thank you.
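
[Added example, not part of the original post and not Openswan code.] The sketch below flattens the "also=" inheritance in the two conn sections quoted above and reports which effective settings differ between them, which shows exactly what the "rightsubnet=vhost:%priv" line contributes. The function names are hypothetical, and letting a conn's own keys override inherited ones is an assumption (the two sections here share no keys).

```python
# Constructed input: the two conn sections from the post, placeholder left as posted.
SAMPLE = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
"""

def parse(text):
    """Return {"conn NAME": {key: value}} for each section in the text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        words = line.split()
        if len(words) == 2 and words[0] in ("conn", "config"):
            current = sections.setdefault(" ".join(words), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def effective(sections, name, seen=()):
    """Flatten one conn: inherited keys first, the conn's own keys on top."""
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    own = dict(sections[f"conn {name}"])
    parent = own.pop("also", None)
    merged = effective(sections, parent, seen + (name,)) if parent else {}
    merged.update(own)                           # assumption: own keys win
    return merged

def diff(a, b):
    """Keys whose effective value differs between two flattened conns."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    s = parse(SAMPLE)
    print(diff(effective(s, "L2TP-PSK-NAT"), effective(s, "L2TP-PSK-noNAT")))
```

With the rightsubnet line deleted, the two conns flatten to the same settings, so L2TP-PSK-NAT becomes a duplicate of L2TP-PSK-noNAT.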