
FreeS/WAN L2TP Cert issues, anyone have experience?

InlineFive

Diamond Member
Hello everyone,

I am having problems getting L2TP to work between a firewall running FreeS/WAN and Microsoft L2TP clients. With PSK and NAT-T enabled the connection works just fine. But once I switch over to a Roadwarrior connection, no NAT-T, Certificates and MS_DEFAULT policy it goes down the drain.

I've read and reread all of the instructions from FreeS/WAN and other sources without luck. And I've installed the KB907865 SP2 L2TP patch. Thanks in advance.
 
All I know about certs is that the common name has to be a fully qualified domain name. So make sure that reverse DNS works and all that so that you know your DNS stuff is configured absolutely correctly. Just a shot in the dark.

The only other thing I know is that I really like OpenVPN. It's NAT friendly and it uses regular SSL/TLS for traffic encryption. Also it's a lot simpler to set up, but obviously it may not work for you. I think it will even work through HTTP proxies. Anybody who has web access should be able to get a VPN running.

Otherwise that's about it.

Also you may want to check out Openswan instead of FreeS/WAN. FreeS/WAN is effectively a dead project. Openswan is where a lot of the FreeS/WAN developers went off to work, and it is continuously being updated and is probably easier to get help with through their mailing lists and such.

Sorry I couldn't be more helpful.
 
Some help is better than no help, thanks. 🙂

Since I only have a Dynamic IP I am using DynDns.com to help. How would I name the certs since I am using DynDns?
 
Well, I don't know a whole lot about how FreeS/WAN or IPsec works in this situation, but if it's just SSL-style certificates then the common name has to be the DNS name you use when you're outside your network and you want to access it. I think that this is what they are talking about when you're trying to set up X.509 certificates.


So if you are accessing your VPN server via a port forwarded through a NAT firewall and you use something like 'wacky.unix-home.org' to access it remotely, then that would be your common name (or just 'CN') in the certificate you have to generate.

But I don't know if this is your problem or anything like that. I know that it is just a common issue when dealing with stuff like X.509 certs.

Also I don't know if you have software that requires you to use a specific version of FreeS/WAN or whatnot; just keep in mind that it's a dead project and Openswan and strongSwan are forks from it and are very active. So that would be the place to get definite help, from their mailing lists and such.
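The advice above comes down to one check: the name a roadwarrior dials (here the DynDNS hostname) must appear in the server certificate. The following script is an added example, not code from this thread or from the FreeS/WAN project. It generates a throwaway self-signed certificate carrying the hostname in both the CN and a subjectAltName (modern checkers look at the SAN first, so it goes a little beyond the CN-only advice in the post), then verifies whether a given hostname matches. It assumes OpenSSL 1.1.1 or newer for `-addext` and `-ext`; the hostname `wacky.unix-home.org` is the placeholder from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a test certificate whose CN and
# SAN carry the DynDNS hostname, then checks that a client-supplied name is
# actually present in the certificate. Assumes OpenSSL >= 1.1.1.
set -eu

WORK="${TMPDIR:-/tmp}/vpn-cert-example"   # scratch directory (placeholder)
mkdir -p "$WORK"

# make_test_cert HOSTNAME OUTPREFIX
# Self-signed cert with CN=HOSTNAME and subjectAltName=DNS:HOSTNAME.
make_test_cert() {
    host="$1"; out="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$out.key" -out "$out.crt" >/dev/null 2>&1
}

# cert_matches_host CERTFILE HOSTNAME -> prints "match" or "mismatch"
# Accepts the name if it equals the CN or appears as a DNS SAN entry.
cert_matches_host() {
    crt="$1"; host="$2"
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 \
         | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p')
    # -ext needs OpenSSL 1.1.1+; on older builds $sans is simply empty.
    sans=$(openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
           | tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p')
    if [ "$cn" = "$host" ] || echo "$sans" | grep -qx "$host"; then
        echo match
    else
        echo mismatch
    fi
}

# Usage: generate the cert for the DynDNS name and check two client views of it.
make_test_cert wacky.unix-home.org "$WORK/vpn"
echo "dialing by hostname: $(cert_matches_host "$WORK/vpn.crt" wacky.unix-home.org)"
echo "dialing by raw IP:   $(cert_matches_host "$WORK/vpn.crt" 203.0.113.10)"
```

The second check is the usual failure mode with a dynamic IP: a client configured to connect by address rather than by the DynDNS hostname will never match a certificate issued for the hostname, even though the PSK setup (which carries no name at all) worked.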
 