[Openswan Users] openswan 2.2.0 and pocket pc 2003

Jacco de Leeuw jacco2 at dds.nl
Mon Dec 27 18:18:09 CET 2004

Tom wrote:

> Has anyone managed to connect a pocket pc 2003 to he openswan server via
> L2TP/IPSec?

Yes, I did. (With the Pocket PC emulator, that is).

> I have configured the server and windows xp clients
> (roadwarriors) are able to connect to (ppp authentication is CHAP only),

Pocket PC 2003 only supports MS-CHAPv1 and v2. Make sure you use pppd 2.4.2
or higher and add "require-chapms-v2" to /etc/ppp/options.l2tpd.

> no matter they are behind NAT or not. This works fine.
> But I am not able to connect a pocket pc 2003 client. I have even managed
> to import certificates (my CA and client cert + private key, so I don't
> use PSK), but connection fails during the l2tp establishment.

Perhaps it is easier to start with a PSK and without NAT-T.

> It seems a client tries to establish an l2tp session on and on,
> but the l2tp daemon cannot establish the connection (in the daemon.log:
>  'control_finish: Peer requested tunnel 3 twice, ignoring second one.' and
>  later: 'control_xmit: Maximum retries exceeded for tunnel 52239.  Closing.')
> I've pasted a part of the log at the end of my message.

The problem is not likely to be in L2TP but rather in PPP or IPsec. Have you
checked pppd's log messages? Are there any Openswan error messages?

> Can anyone help me, please? I haven't googled anything about this issue.

Did you read this page?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list