<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#333333">
Hi,<br>
<br>
I've removed the leftsubnet entry and added a left= entry. But it still
doesn't work :'(<br>
Any other ideas?<br>
<br>
Thanks for your help.<br>
<br>
Reza ISSANY<br>
<br>
Paul Wouters wrote:
<blockquote
cite="midPine.LNX.4.63.0611230412510.21469@tla.xelerance.com"
type="cite">
<pre wrap="">On Tue, 21 Nov 2006, Reza ISSANY wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Nov 21 20:54:33 sd-5193 pluto[25568]: "roadwarriorxp"[2] 82.236.77.42:12568
#1: cannot respond to IPsec SA request because no connection is known for
88.191.35.181:4500[C=FR, ST=HOST, O=Internet Widgits Pty Ltd,
CN=integration]:17/1701...82.236.77.42:12568[C=FR, ST=HOST, O=Internet Widgits
Pty Ltd, CN=integration]:17/%any
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">conn roadwarriorxp
keyingtries=1
compress=no
authby=rsasig
leftrsasigkey=%cert
leftcert=/data/openswan/etc/ipsec.d/certs/newcert.pem
leftprotoport=17/1701
leftsubnet=172.16.7.0/16
leftnexthop=88.191.35.1
</pre>
</blockquote>
<pre wrap="">
add an entry for left=
remove leftsubnet. It is wrong. For L2TP/IPsec, a host-host tunnel is built, and no
subnet= should be specified. The "rightsubnet=" is used for the NAT-T hack, it is
not a "real" subnet.
</pre>
<blockquote type="cite">
<pre wrap="">The key negotiation starts, but the l2tpd authentication doesn't seem to
work.
</pre>
</blockquote>
<pre wrap="">
IPsec does not complete. You never even get to send l2tp packets.
Paul
</pre>
</blockquote>
<br>
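Added example, not part of the original messages and not Openswan code: a small Python check that parses the "no connection is known for" line quoted above and compares the peer's proposed local end with the quoted conn section, covering only the two points raised in the reply (missing left=, and leftsubnet= on a host-to-host proposal). The function names are hypothetical, and treating "===" in the log as the marker of a proposed client subnet is an assumption.<br>
<pre wrap="">
```python
import re

# The pluto log line quoted in the thread, joined onto one line.
SAMPLE_LOG = (
    'Nov 21 20:54:33 sd-5193 pluto[25568]: "roadwarriorxp"[2] 82.236.77.42:12568 #1: '
    'cannot respond to IPsec SA request because no connection is known for '
    '88.191.35.181:4500[C=FR, ST=HOST, O=Internet Widgits Pty Ltd, CN=integration]:17/1701'
    '...82.236.77.42:12568[C=FR, ST=HOST, O=Internet Widgits Pty Ltd, CN=integration]:17/%any')
# The conn section as quoted in the thread.
SAMPLE_CONN = """conn roadwarriorxp
    keyingtries=1
    compress=no
    authby=rsasig
    leftrsasigkey=%cert
    leftcert=/data/openswan/etc/ipsec.d/certs/newcert.pem
    leftprotoport=17/1701
    leftsubnet=172.16.7.0/16
    leftnexthop=88.191.35.1
"""
# address:ike_port[identity]:protocol/port
END_RE = re.compile(r"([\d.]+):(\d+)\[([^\]]*)\]:(\d+)/(\S+)")

def parse_end(text):
    m = END_RE.search(text)
    if m is None:
        raise ValueError("unrecognised end: " + text)
    ip, ike_port, ident, proto, port = m.groups()
    # Assumption: a proposed client subnet would be printed with "===".
    return {"ip": ip, "ike_port": ike_port, "id": ident,
            "protoport": proto + "/" + port, "subnet": "===" in text}

def parse_no_conn(line):
    marker = "no connection is known for "
    if marker not in line:
        return None
    ours, theirs = line.split(marker, 1)[1].split("...", 1)
    return {"local": parse_end(ours), "remote": parse_end(theirs)}

def parse_conn(text):
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def check_conn(conn, proposal):
    local, findings = proposal["local"], []
    if "left" not in conn:
        findings.append("left= is missing")
    if "leftsubnet" in conn and not local["subnet"]:
        findings.append("leftsubnet=%s set, peer proposed host-to-host" % conn["leftsubnet"])
    if conn.get("leftprotoport") != local["protoport"]:
        findings.append("leftprotoport does not match " + local["protoport"])
    return findings
```
</pre>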
</body>
</html>