[Openswan Users] another roadwarrior problem

Jacco de Leeuw jacco2 at dds.nl
Sat Feb 12 12:53:59 CET 2005

Dominik Schmid wrote:

> I have a Linux Machine with an interface and one virtual ip address:
> gateway -----(virtual ip)- 
> linux-box x.x.x.1 ----------------------------- x.x.x.15

It is probably safer to mask out your public IP addresses. There are
cases where security through obscurity is better :-).

> cannot respond to IPsec SA request because no connection is known for
>[C=CH, ST=anywhere, L=anywhere, O=dominik, OU=dominik, 
> CN=Dominik Schmid, E=dominik_schmid at gmx.ch]:17/0...[C=CH, 
> ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client]:17/1701

You are attempting to connect from XP with an L2TP/IPsec connection.
Is that what you want? You'll need an L2TP daemon then too.

>        virtual_private=%v4:,%v4:,%v4:

You probably need to exclude your own internal subnet, i.e. change it to:


(all on one line)

> conn roadwarrior-l2tp
>        type=transport
>        left=%defaultroute
>        leftcert=dominik.schmid.ch.pem
>        leftprotoport=17/1701
>        right=%any
>        rightprotoport=17/1701
>        pfs=no
>        auto=add
> conn roadwarrior-l2tp-oldwin
>        left=%defaultroute
>        leftcert=dominik.schmid.ch.pem
>        leftprotoport=17/0
>        right=%any
>        rightprotoport=17/1701
>        rightsubnet=vhost:%no,%priv
>        pfs=no
>        auto=add

I think you copied this from Nate Carlson's instructions
but the 'roadwarrior-l2tp' connection could need the line
'rightsubnet=vhost:%no,%priv' too. Nate, could you update this?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
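The two points made in the reply above, written out as a complete ipsec.conf fragment. This is an added example, not configuration from the original post, from Nate Carlson's instructions or from the Openswan project itself. The internal LAN 192.168.1.0/24, the certificate file name gateway.example.pem and the RFC 1918 ranges listed in virtual_private are assumptions chosen for illustration; substitute your own subnet and certificate. An L2TP daemon (for example xl2tpd or l2tpd) listening on UDP 1701 is still needed on top of this.

```ini
# Added example (not from the original post or from Openswan's own documentation).
# Assumptions: gateway LAN is 192.168.1.0/24, gateway certificate is gateway.example.pem.
config setup
        nat_traversal=yes
        # Let NATed road warriors claim any RFC 1918 address as their inner
        # address, but exclude the gateway's own LAN with a "!" entry so a
        # remote client can never claim an address that is routed locally.
        # Openswan wants this value on a single line.
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

# Windows XP / 2000 clients that propose 1701 on both sides.
conn roadwarrior-l2tp
        type=transport
        authby=rsasig
        left=%defaultroute
        leftcert=gateway.example.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        # Accept the private (NATed) address the client presents as its ID;
        # without this line the SA request for a NATed client is rejected
        # with "no connection is known for ...".
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

# Older Windows clients that propose port 0 for the gateway side (17/0).
conn roadwarrior-l2tp-oldwin
        type=transport
        authby=rsasig
        left=%defaultroute
        leftcert=gateway.example.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add
```

After editing, run `ipsec verify` and restart Openswan; a client behind NAT should now show up in the log as matching one of the two connections instead of being refused for lack of a known connection. If the gateway LAN is not excluded from virtual_private, a road warrior whose home LAN happens to use the same range can claim an address that collides with a local host.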
