[Openswan Users] could not understand problem guess i am going to loose my job

Jacco de Leeuw jacco2 at dds.nl
Thu Feb 24 12:12:30 CET 2005

rohit sahi wrote:

> I want to set up the road warrior setup with l2tp and psk. An IP
> address will be given to the client.

OK, so you want to use L2TP over IPsec. And a virtual IP address from the network should be assigned to the client through L2TP.

> The problem is the psk is compared and chosen properly. But before
> the new tunnel is made the rekey event is fired

I don't understand what you mean by this. Does it work, briefly or not
at all? What events does the client see?

> For your reference I am hereby attaching my /var/log/secure and barf output.

There is a lot of debugging output there (better post it to some website or
at least compress the files). There are some strange things
(EVENT_CRYPTO_FAILED, ASSERTION FAILED) which I leave to others but here
are some other comments:

 > config setup
 >        virtual_private=%v4:,%v4:,%v4:

Your internal subnet should be excluded, i.e.:

 > conn roadwarrior-l2tp-updatewin
 >        leftprotoport=17/0

This should be leftprotoport=17/1701 for XP clients with SP2 or
Q818043 installed.

 >        rightprotoport=17/1701
 >        also=roadwarrior
 > conn roadwarrior
 >        pfs=no
 >        left=
 >        leftnexthop=
 >        right=%any
 >        rightsubnet=vhost:%no,%priv
 >        auto=add
 > conn %default
 >        authby=secret
 > /etc/ipsec.secrets:
 >  %any : PSK "[sums to f644...]"

You are trying to use a Preshared Key for Road Warriors. This might or might
not work but I would suggest you start with a fixed IP address for the client.
I.e. replace %any with (or whatever IP address your XP client

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
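
An added example, not part of the original message or of Openswan: a small Python check for two of the points raised in the reply above (leftprotoport=17/0 on the L2TP conn, and PSK authentication combined with right=%any), following also= the way the quoted config uses it. The sample config is constructed and the function names are hypothetical; %default is applied to every conn regardless of its position in the file, which is a simplification.

```python
# Constructed sample modelled on the quoted config (not the poster's actual file).
SAMPLE = """\
conn %default
    authby=secret
conn roadwarrior-l2tp-updatewin
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior
    right=%any
"""

def parse(text):
    """Map (section type, name) -> {key: value} for an ipsec.conf-style file."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header such as "conn roadwarrior"
            kind, _, name = line.partition(" ")
            cur = sections.setdefault((kind, name.strip()), {})
        elif "=" in line and cur is not None:     # indented key=value
            key, _, val = line.strip().partition("=")
            cur[key.strip()] = val.strip()
    return sections

def effective(sections, name, seen=()):
    """One conn's settings after following also=; own keys win, loops are cut."""
    if name in seen:
        return {}
    own = sections.get(("conn", name), {})
    merged = effective(sections, own["also"], seen + (name,)) if "also" in own else {}
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def lint(text):
    """Return sorted (conn, finding) pairs for the two points checked."""
    sections, out = parse(text), []
    default = sections.get(("conn", "%default"), {})
    for kind, name in sections:
        if kind != "conn" or name == "%default":
            continue
        conn = {**default, **effective(sections, name)}
        if conn.get("leftprotoport") == "17/0":
            out.append((name, "leftprotoport=17/0; XP SP2 clients need 17/1701"))
        if conn.get("authby") == "secret" and conn.get("right") == "%any":
            out.append((name, "PSK with right=%any"))
    return sorted(out)
```

With `%any : PSK` in ipsec.secrets every road warrior shares the same secret, which is why the second finding is worth surfacing even when the tunnel comes up.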
