  1. #1
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8

    [SOLVED] OpenS/WAN IPSEC/L2TP


    I have a Debian system running openswan with ipsec and xl2tp. This is configured for PSK right now. My iPhone can log on to the VPN with no problem and negotiate L2TP. None of my Windows systems can start the L2TP part. If I tail the syslog when a Windows computer tries to connect, there is no activity, even with debug packet and running with the -D. (The log looks normal for the phone.) When tailing the auth log, I can't see anything that stands out. I am not even sure what level of debug I should look for in the ipsec.conf to start.

    The phone and the computers are using the same WIFI.

    What is the key difference between IPSEC/L2TP on the iPhone and Windows?

    I can post my conf files and/or logs if anyone wants to look.

    Thanks
    Tim
    Last edited by tsmarks; 11-04-2010 at 11:56 PM.

  2. #2
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8
    I did find in the control debug a difference:

    state object #123 found, in STATE_MAIN_R3
    processing connection MY_CONN[1] 192.168.1.1
    peer client is 192.168.1.109
    peer client protocol/port is 17/49815

    our client is xxx.xxx.xxx.xxx........

    The stuff in red is on the working system. It is omitted from the non-working one... That might be the iOS using high non-standard ports. I don't know.

  3. #3
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8
    With parsing debug info, I also found the third from the last line in the authlog from the working system is:

    kernel_alg_esp_info():........

    It is missing altogether from the non-working one.

  5. #4
    Administrator MikeTbob
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Quote, originally posted by tsmarks:
    With parsing debug info, I also found the third from the last line in the authlog from the working system is:

    kernel_alg_esp_info():........

    It is missing altogether from the non-working one.

    Hello and Welcome.
    I just wanted to let you know that we are reading your posts, but most people, including me, have no experience with iPhones/OpenS/WAN.
    Does your last statement mean that you got it working?
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.

    I'd rather be lost at the lake than found at home.

  6. #5
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8
    No luck yet. The iPhone works fine; it is the Windows clients that fail. Normally it is the other way...

  7. #6
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8
    Not to keep bumping my own...

    I tried the VPN with OS X Leopard and it works fine. Only Windows XP, Vista and 7 fail.

  8. #7
    Just Joined!
    Join Date
    Nov 2010
    Posts
    8
    OK... Solved. I might be a bit embarrassed, but will share in case others follow.

    In my situation my VPN is double NATed.

    VPN Server<---->Router (NAT)<---->internet<----->Router (NAT)<------->Client

    I checked to make sure all my Windows clients had the updates required for NAT-T...<embarrassing> I did not activate the feature </embarrassing>

    Articles 818043 (XP) and 926179 (Vista) explain how to configure Windows to handle a double NATed VPN.
    Basically:
    Add a Dword key in
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec
    Named:
    AssumeUDPEncapsulationContextOnSendRule
    and set the value to 2

    I hope my stupidity will aid others.... Thanks to all who tried to help me.

    Tim
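
    The registry change described in post #7, as an added PowerShell example that is not part of the original thread: it reports the current value and what it means, and writes the new value only when run with -Apply. The parameter names and the Get-NatTValue helper are hypothetical; the default key path is the one given in the post, and the alternative named in the comment is the location Microsoft's article 926179 documents for Vista and later.

```powershell
# Added example: audit (and optionally set) the NAT-T value named in the post.
param(
    # Key path as given in the post. Assumption: on Vista and later, pass
    # 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent' instead.
    [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPsec',
    [ValidateSet(0, 1, 2)]
    [int]$Desired = 2,
    [switch]$Apply            # without this switch the script only reports
)

$Name = 'AssumeUDPEncapsulationContextOnSendRule'
$Meaning = @{
    0 = 'no security associations with servers behind NAT (default)'
    1 = 'server may be behind NAT'
    2 = 'server and client may both be behind NAT'
}

function Get-NatTValue {
    param([string]$Path, [string]$ValueName)
    # Returns $null when the key or the value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $prop = Get-ItemProperty -LiteralPath $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$ValueName
}

$current = Get-NatTValue -Path $KeyPath -ValueName $Name
if ($null -eq $current) {
    Write-Output "$Name is not set under $KeyPath (behaves as 0: $($Meaning[0]))"
} else {
    Write-Output "$Name = $current ($($Meaning[$current]))"
}

if ($current -eq $Desired) { Write-Output 'Already at the desired value.'; return }
if (-not $Apply) { Write-Output "Re-run elevated with -Apply to set it to $Desired."; return }

if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Key $KeyPath does not exist; check the path for this Windows version."
}
# Create or overwrite the DWORD value; the change takes effect after a restart.
New-ItemProperty -LiteralPath $KeyPath -Name $Name -PropertyType DWord -Value $Desired -Force | Out-Null
Write-Output "Set $Name to $Desired. Restart Windows before retrying the VPN."
```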

  9. #8
    Administrator MikeTbob
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Thanks for posting the solution, it may help someone else, you just never know. You got 102 views so far, so someone is interested.
    I'm gonna mark it as solved.