[Openswan Users] Windows2k/XP L2TP/IPSec client
Nate Carlson
natecars at natecarlson.com
Sat Mar 6 10:11:56 CET 2004
On Fri, 5 Mar 2004, Trevor Benson wrote:
> 15:20:20 pluto[21647] "Roadwarrior01"[4] 209.148.105.71 #4: cannot respond to IPsec SA request because no connection is known for 64.142.54.112[C=US, O=A1Networks, CN=ipsec.a-1networks.com]:17/0...209.148.105.71[C=US, O=A1Networks, CN=TrevorBenson]:17/1701
This is saying that it's looking for a connection between 64.142.54.112/32
protocol udp (17) port 0 (iirc, means any), and 209.148.105.71/32 protocol
udp (17) port 1701 (l2tp). Your config file doesn't specify specific
ports/protocols to allow (it requires a connection that just allows all of
them), so it's rejecting the connection.
> Here are the IPSec.conf entries:
>
>
> conn Roadwarrior02
> left=64.142.54.112
> leftnexthop=%defaultroute
> leftsubnet=192.168.169.0/255.255.255.0
> leftcert=/var/ipcop/certs/hostcert.pem
> right=0.0.0.0
> rightcert=/var/ipcop/certs/Roadwarrior02cert.pem
> pfs=no
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
> authby=rsasig
> auto=add
IIRC, you need to add:
leftprotoport=17/0
rightprotoport=17/1701
Give that a shot! I believe you can also replace the port numbers with
%any now, if you want to connect from a Mac OS X box.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
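
The reading of the pluto message given in the reply above, as an added example (not part of the original message and not Openswan code): it extracts the protocol/port selectors from the "no connection is known for" line and reports which protoport options the conn lacks. The function names are hypothetical, and the parser assumes the host-to-host log form quoted in the thread.

```python
import re

# Sample inputs copied from the thread above (log line and conn stanza, trimmed).
LOG = ('pluto[21647] "Roadwarrior01"[4] 209.148.105.71 #4: cannot respond to IPsec SA '
       'request because no connection is known for '
       '64.142.54.112[C=US, O=A1Networks, CN=ipsec.a-1networks.com]:17/0'
       '...209.148.105.71[C=US, O=A1Networks, CN=TrevorBenson]:17/1701')
CONN = """conn Roadwarrior02
    left=64.142.54.112
    right=0.0.0.0
    authby=rsasig
    auto=add
"""

# One end of the proposal: address, optional [ID], optional :protocol/port.
_END = r'(?P<%saddr>[0-9.]+)(?:\[[^\]]*\])?(?::(?P<%sproto>\d+)/(?P<%sport>\d+))?'
_PROPOSAL = re.compile(r'no connection is known for ' + _END % (('l',) * 3)
                       + r'\.\.\.' + _END % (('r',) * 3))

def parse_conn(text):
    """Collect key=value options from a conn stanza."""
    pairs = (ln.strip().partition('=') for ln in text.splitlines() if '=' in ln)
    return {k.strip(): v.strip() for k, _, v in pairs}

def proposed_selectors(log_line):
    """Return ((addr, proto, port), (addr, proto, port)) for the local and peer ends."""
    m = _PROPOSAL.search(log_line)
    if m is None:
        return None
    return tuple((m[s + 'addr'], int(m[s + 'proto'] or 0), int(m[s + 'port'] or 0))
                 for s in 'lr')

def missing_protoport(log_line, conn):
    """List the protoport lines the conn needs before it can match the proposal."""
    ends = proposed_selectors(log_line)
    if ends is None:
        return []
    # The local end is logged first; map it to whichever side the conn uses for it.
    sides = ('right', 'left') if conn.get('right') == ends[0][0] else ('left', 'right')
    needed = []
    for side, (_, proto, port) in zip(sides, ends):
        have = conn.get(side + 'protoport')
        # An exact match or proto/%any (mentioned in the reply) counts as configured.
        if proto and have not in ('%d/%d' % (proto, port), '%d/%%any' % proto):
            needed.append('%sprotoport=%d/%d' % (side, proto, port))
    return needed

if __name__ == '__main__':
    print('\n'.join(missing_protoport(LOG, parse_conn(CONN))))
```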