>>I also applied the X.509 patches ... but, haven't gotten X.509 to
>>work.
How did you do it? Because I've got it working, having followed
Nat Carlson's document.

Dom
-----Original Message-----
From: Dossy [mailto:[EMAIL PROTECTED]]
Sent: 09 January 2003 13:18
To: David LIBAULT
Cc: [EMAIL PROTECTED]
Subject: Re: rp-l2tp


On 2003.01.09, David LIBAULT <[EMAIL PROTECTED]> wrote:
> > I'm doing IPSec/L2TP from a WinXP Home client to a ix86 Linux 2.4.20
> > server running FreeSWAN and rp-l2tp over a wireless link using a Linksys
> > WUSB11-V26.  This setup was FAR from easy to get working.
> 
> Can you tell me (us) what version of FreeSWAN you are using and your 
> ipsec.conf file ?

# ipsec --version
Linux FreeS/WAN U1.96/K1.99

I also applied the X.509 patches ... but, haven't gotten X.509 to
work.

Here's my /etc/ipsec.conf:

==8<=snip===================================================
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        # interfaces=%defaultroute
        interfaces="ipsec2=eth2"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
        keyingtries=1
        disablearrivalcheck=no
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        authby=secret

conn L2TP-PSK
        authby=secret
        pfs=no
        left=192.168.3.1
        right=%any
        keyingtries=3
        auto=add
==8<=snip===================================================

My /etc/ipsec.d looks like this:

==8<=snip===================================================
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# Unsafe, pre-shared key (PSK)
192.168.3.1 %any : PSK "--my-preshared-key-here--"
==8<=snip===================================================


(Yes, I know about all the problems of preshared keys, but
as I said, I couldn't get certs working even after applying
the X.509 patches.)

> > It still doesn't work 100% -- I can't get the WinXP to do Windows SMB
> > file sharing over the VPN link.  I think this might be a limitation in
> > WinXP, and not a mistake in my configuration though.  If anyone has
> > gotten SMB working over VPN with WinXP Home as the client ... please,
> > let me know!  ;-)
> 
> Do you have samba running on your Linux Box ? Have you sent the IP of your 
> linux box to WinXP using the ms-wins option of pppd ?

Yes, Samba is running on the Linux box and works fine for my Win98 SE
and WinXP Home clients that are on the wired LAN.  It's just the WinXP
Home client on the wireless LAN coming in over IPSec/L2TP that doesn't
work.

Let's say that the client after IPSec/L2TP shows up on the LAN as
10.6.113.129.  If, from the Linux box, I try to "telnet 10.6.113.129
139", the WinXP Home box refuses connection.  It might be some ICF
(Internet Connection Firewall) setting that needs to be tweaked, but I
have the checkbox unchecked for the VPN connection.  It appears that
WinXP Home just won't bind to the IP that the L2TP session establishes.
Maybe I'll need to tell WinXP Home to do NAT on the VPN link ...

I didn't set the ms-wins option of pppd though.  I'll try that.  Thanks
for the suggestion.

-- Dossy

-- 
Dossy Shiobara                       mail: [EMAIL PROTECTED] 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)
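An added example, not part of the thread and not FreeS/WAN's own code: a small Python audit that parses the two file formats quoted above (the `config setup` / `conn` sections of ipsec.conf, with `conn %default` applied the way pluto does, and the `left right : PSK "..."` lines of the secrets file) and reports the settings the thread itself calls out as weak: `authby=secret` with `right=%any` (one pre-shared key handed to every road warrior, so any holder of it can pose as the gateway to the others), `pfs=no`, and wildcard or very short secrets. The embedded sample files are constructed copies in the same format; the second conn, `L2TP-RSA`, is an addition to show a conn that passes the checks.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of the /etc/ipsec.conf quoted in the thread
# (hypothetical copy, not the poster's file; conn L2TP-RSA is an added contrast).
SAMPLE_CONF = """\
# basic configuration
config setup
        interfaces="ipsec2=eth2"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        disablearrivalcheck=no
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        authby=secret

conn L2TP-PSK
        authby=secret
        pfs=no
        left=192.168.3.1
        right=%any
        keyingtries=3
        auto=add

conn L2TP-RSA
        authby=rsasig
        left=192.168.3.1
        right=%any
        auto=add
"""

# Constructed secrets file in the format quoted in the thread (placeholder key).
SAMPLE_SECRETS = """\
# Unsafe, pre-shared key (PSK)
192.168.3.1 %any : PSK "--my-preshared-key-here--"
"""

Section = Dict[str, str]
Finding = Tuple[str, str, str]  # (conn name or "secrets", parameter, explanation)


def parse_ipsec_conf(text: str) -> Dict[str, Section]:
    """An unindented 'config setup' or 'conn NAME' line opens a section;
    indented key=value lines (comments stripped) belong to the open section."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header
            kind, _, name = line.strip().partition(" ")
            current = f"{kind} {name.strip()}"
            sections[current] = {}
        elif current is not None:
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def effective_conns(text: str) -> Dict[str, Section]:
    """Merge 'conn %default' into every other conn, explicit values winning."""
    sections = parse_ipsec_conf(text)
    default = sections.get("conn %default", {})
    result: Dict[str, Section] = {}
    for header, params in sections.items():
        kind, _, name = header.partition(" ")
        if kind == "conn" and name != "%default":
            result[name] = {**default, **params}
    return result


SECRET_RE = re.compile(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"')


def parse_secrets(text: str) -> List[Tuple[str, str, str]]:
    """Return (left, right, secret) for each 'left right : PSK "..."' line."""
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SECRET_RE.match(line)
        if m:
            out.append(m.groups())
    return out


def audit(conf_text: str, secrets_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for name, conn in effective_conns(conf_text).items():
        if conn.get("authby") == "secret":
            findings.append((name, "authby", "pre-shared key authentication"))
            if conn.get("right") == "%any":
                findings.append((name, "right",
                                 "one PSK shared with every peer; any holder can pose as the gateway"))
        if conn.get("pfs") == "no":
            findings.append((name, "pfs",
                             "no phase-2 PFS: every IPsec SA derives from the same ISAKMP keying material"))
    for left, right, secret in parse_secrets(secrets_text):
        if "%any" in (left, right):
            side = "right" if right == "%any" else "left"
            findings.append(("secrets", side, f"wildcard PSK entry for {left} {right}"))
        if len(secret) < 20:
            findings.append(("secrets", "PSK", f"short secret ({len(secret)} chars) for {left} {right}"))
    return findings


if __name__ == "__main__":
    for conn, param, why in audit(SAMPLE_CONF, SAMPLE_SECRETS):
        print(f"{conn}: {param}: {why}")
```

Run it against real files by reading them into `audit()`; the `L2TP-PSK` conn produces three findings and the secrets line one, while `L2TP-RSA` (certificate or raw RSA authentication, PFS inherited from `%default`) produces none.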