<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hello, I've read <a href="https://lists.openswan.org/pipermail/users/2011-January/019949.html">here</a> and <a href="http://comments.gmane.org/gmane.network.openswan.user/20373">here</a> about trouble matching any connection except the one that is first in the list when I use forceencaps=yes, which Mac OS requires to connect from behind NAT. But Windows clients refuse to connect if there is forceencaps=yes in the config.<div><br></div><div>I can't make all clients happy and connect just fine: either Windows connects fine and Mac can't, or the opposite.</div><div><br></div><div>Here is my ipsec.conf, one of the many variations of config options and ordering I have tried; I always end up with the above result.</div><div><br></div><div><pre>
# basic configuration
config setup
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0

# You may put your configuration (.conf) file in "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf

conn %default
    dpddelay=15
    dpdtimeout=30
    dpdaction=clear

conn WIN-L2TP-PSK-NAT
    rightsubnet=vhost:%no,%priv
    # here I try 0 for Windows XP and %any for matching both old and new Windows versions
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=L2TP-PSK-noNAT

conn APPLE-L2TP-PSK-NAT
    rightsubnet=vhost:%no,%priv
    forceencaps=yes
    leftprotoport=17/1701
    rightprotoport=17/%any
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    rekey=no
    type=tunnel
    keyingtries=3
    left=ServerIPAddress
    leftnexthop=%defaultroute
    right=%any
    rightsubnetwithin=0.0.0.0/0
    auto=add
</pre></div><div><br></div><div>I'm not experienced in using IPsec; can you please advise me what the solution is?</div><div><br></div><div>I'm running CentOS 6.2 x64. I tried with <b>openswan.x86_64 0:2.6.32-12.el6_2</b> and also compiled from source <b>v2.6.38</b>, and ended up with the same results.</div><div><br></div><div>Any help will be appreciated!</div><div><br></div><div>Best regards,</div><div>Martin</div></body></html>