On 11/26/2021 9:25 PM, Paul Wouters wrote:
> On Fri, 26 Nov 2021, Mirsad Goran Todorovac wrote:
>
>> After trying with our CARNet NOC people, they have changed something
>> on firewalls and the L2TP-PSK-noNAT
>> configuration now works! I have filed the Windows 10 error 809
>> problem, and docs say it was most likely
>> the firewall or the interim network equipment, and it was ...
>> I have wasted 5 days on this, it appears that ever since the
>> connection started working in the café on their wireless
>> network and your rightsubnet=vhost:%no suggestion.
>> I apologize for all the inconvenience I caused you. Fortunately,
>> there are not so many troubled admins on the
>> planet 😁.
>
> Thanks for letting us know! We don't always get the positive feedback to
> know an issue was resolved and not a bug on our end.

It seemed like a netizen thing to do, not to let a connection linger 😉

>> I will now try if the IKEv2 with RSA connection was also bugged with
>> our firewall. You have suggested that
>> IKEv1 L2TP with IPSEC and transport mode was deprecated, but I had to
>> have something working to start with.
>
> Makes sense. It will just be less painful going forward to use IKEv2.
> For instance, if you end up with two devices behind the same NAT, your
> L2TP/IPsec will not work for them due to Transport Mode. So yes, do try
> and use IKEv2 instead.

You still sound like Greek to me, but I am on to reading more docs on
the matter. Unfortunately, despite the
increased use of VPNs in work from home COVID times, there is little
relevant information on Google search.

>> Thank you once again for all your help. You have been very
>> supportive. I seem to have started to really like
>> libreswan. It has some excellent ideas for network FSAs to work.
>
> Thanks for your kind words. We try to have a vibrant community where
> people help each other. It is the way[tm] :)

Well, I've read in your Code of conduct that you embrace all nations and
religions, which is something
I haven't experienced often in this ethnic wars and cleansing torn
Balkans ...
Somehow, I feel you are more a neighbor to me like a netizen than most
of my physical proximity
citizens.
The session logs show how your engine works under the hood, and though I
don't understand it all,
I am beginning to like it and admire its power. I was told that this
network staff can be an exciting and
promising career in IT. I have always shunned networks as something
higher than me, and now
libreswan and your assistance allowed me to go from zero to a working
installation for Windows
and Android native clients in less than a week.
I feel grateful to God for this opportunity, I feel that someone Above
loves me.
I really need now to make VPN do some useful work, like connecting to a
Windows Server or
user machine via RDP.
By now, I have only a 255.255.255.255 network and a client that sees
itself and gateway.
On the other institution, I have assigned a subnet 192.168.100.0/24 and
it works at least as
a proxy when browsing.
On the other faculty, I have tried to place VPN connected client on an
existing 161.53.83.0/24
subnet where the Windows Server resides. I am only beginning to realize
that xl2tpd is not a DHCP
agent and that it is actually a modified PTPP connection, but a new
network "ppp0". It requires
routing and I need to place an automatic route, but it may be impossible
if two networks are
called 161.53.83.0/24 and ip range = 161.53.83.230-161.53.83.253?
I would also require a route to 10.0.0.0/8 local Intranet subnet in
order for people to work from
home on their Faculty computers over the VPN.
When I graduated in 1993, it had not yet been invented, and I wonder if
they are learning it now
at my Faculty of graduation?
Sorry for the long email. It helps me crystalize my thoughts. Browsing
session logs for a week in
vain sort of drained my mental powers, but I hope it will be worth it in
the long run 😁.
All the best in your project, and may my kind words not be just words.
If you allow me, I can pray
for your project.
Kind regards,
Mirsad