[Openswan Users] VPN (ipsec/l2tp) to windows server
michaelof at rocketmail.com
Fri Jan 22 18:34:26 UTC 2021
Hi all,
first post after having subscribed myself :)
Not able to connect to an IPsec/L2TP VPN server running on mswin. Described in as much detail as possible here: https://forums.opensuse.org/showthread.php/549340-VPN-(ipsec-l2tp)-to-windows-server
Got a hint for this old thread: https://lists.openswan.org/pipermail/users/2013-July/022547.html
Seems that maybe also a
"I also make it my habit to make leftprotoport 17/%any instead of 17/1701"
could solve my issue.
But completely unclear to me where (or how) to set this "leftprotoport" param:
- Following strongswan's wiki (https://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf) I've found that /etc/ipsec.conf seems to be the relevant config file.
FYI, only commented lines on my openSUSE system, never changed manually before:
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
#conn sample-self-signed
# leftsubnet=10.1.0.0/16
# leftcert=selfCert.der
# leftsendcert=never
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightcert=peerCert.der
# auto=start
#conn sample-with-ca-cert
# leftsubnet=10.1.0.0/16
# leftcert=myCert.pem
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightid="C=CH, O=Linux strongSwan CN=peer name"
# auto=start
- Tried to add the following to /etc/ipsec.conf
conn %default
    leftprotoport=udp/%any
- didn't change my issue.
As I'm using NetworkManager, KDE/Plasma, for the VPN connection, it's completely unclear to me how the "interaction" between a "conn" in /etc/ipsec.conf and NetworkManager's connections, stored in /etc/NetworkManager/system-connections, works. It seems that NetworkManager generates runtime-only configs; I'm not even able to increase debug levels. Drawbacks of user-friendliness - if it works :)
Any hints would be great,
thanks in advance,
Michael
P.S.: Maybe of interest:
zypper se -iv swan
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+------------------+---------+------------------+--------+------------------
i+ | strongswan-ipsec | package | 5.8.2-lp152.1.39 | x86_64 | openSUSE-15.2 OSS
i | strongswan-libs0 | package | 5.8.2-lp152.1.39 | x86_64 | openSUSE-15.2 OSS
zypper se -iv l2tp
Loading repository data...
Reading installed packages...
S | Name | Type | Version | Arch | Repository
---+---------------------------+---------+------------------+--------+------------------
i+ | NetworkManager-l2tp | package | 1.8.0-lp152.1.41 | x86_64 | openSUSE-15.2 OSS
i+ | NetworkManager-l2tp-gnome | package | 1.8.0-lp152.1.41 | x86_64 | openSUSE-15.2 OSS
i | NetworkManager-l2tp-lang | package | 1.8.0-lp152.1.41 | noarch | openSUSE-15.2 OSS
i | plasma-nm5-l2tp | package | 5.18.5-lp152.2.1 | x86_64 | openSUSE-15.2 OSS
i | xl2tpd | package | 1.3.10-lp152.3.7 | x86_64 | openSUSE-15.2 OSS
i+ | xl2tpd-doc | package | 1.3.10-lp152.3.7 | x86_64 | openSUSE-15.2 OSS