List: openswan-users
Subject: [Openswan Users] Questions about my ipsec.conf config for Android, iOS, and Windows7 roadwarriors
From: users-bounces () lists ! openswan ! org
Date: 2013-09-20 18:07:41
Message-ID: mailman.62.1379700461.2700.users () lists ! openswan ! org
Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Lawrence Chiu <Lawrence_Chiu_TX3@yahoo.com>
Subject: Questions about my ipsec.conf config for Android, iOS, and Windows7 roadwarriors
Date: 20 September, 2013 2:05:19 PM EDT
To: users@lists.openswan.org

I was following the setup tutorial to set up an Openswan L2TP-IPSEC with PSK at this link:
http://samsclass.info/ipv6/proj/proj-L5-VPN-Server.html

The /etc/ipsec.conf file looks like this. I used the example provided, changing only the line "left=YOUR.SERVER.IP.ADDRESS" to "left=192.168.0.50" which is the eth0 of my server. Everything else was the same.

=== /etc/ipsec.conf
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
===

It does not work as-is with an Android client. The first question is regarding the line "rightsubnet=vhost:%priv". If I delete that line, it works with Android. What is the implication of removing this line?

The second question is regarding an iPad client. It doesn't work at all, unless I added: "forceencaps=yes" and "dpdaction=clear". What do these do?

The third and last question is regarding a Windows 7 client. It does not work at all, even after the registry hack here: http://support.microsoft.com/kb/926179/en-us
I set AssumeUDPEncapsulationContextOnSendRule=2 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
which meant: A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.

But it still doesn't work, giving out an error code 809.
Error Description: 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

So the last question is how to get Windows 7 to work. Thank you.
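
Added example, not part of the original post and not Openswan's own parser: a minimal Python reader for the two conn sections above that expands also= and shows that, once expanded, L2TP-PSK-NAT differs from L2TP-PSK-noNAT only in the rightsubnet line. The function names and the rule that a conn's own keys override inherited ones are assumptions of this sketch.

```python
# Constructed sample: the two conn sections from the post, indentation restored.
SAMPLE = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.SERVER.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
"""

def parse_conns(text):
    """Map conn name -> {key: value}; only indented lines are parameters."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if line and not line[0].isspace():        # column 0 opens a new section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key] = value
    return conns

def effective(conns, name, seen=()):
    """Expand also= recursively; a conn's own keys win (assumption of this sketch)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    base = own.pop("also", None)
    merged = effective(conns, base, seen + (name,)) if base else {}
    merged.update(own)
    return merged

def only_in(conns, a, b):
    """Effective parameters of conn a that conn b lacks or sets differently."""
    ea, eb = effective(conns, a), effective(conns, b)
    return {k: v for k, v in ea.items() if eb.get(k) != v}
```

Calling `only_in(parse_conns(SAMPLE), "L2TP-PSK-NAT", "L2TP-PSK-noNAT")` returns the single rightsubnet entry, and the expanded conn still carries the tutorial's placeholder value for left.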