[Openswan Users] L2TP Windows XP Client with openswan
paul at xelerance.com
Mon Jan 31 14:14:06 CET 2005
On Mon, 31 Jan 2005, Urmo wrote:
> 192.168.1.X(ClientXP) <-> 192.168.1.1/Some.Public.Address(Router, sometimes
> fw) <-> Internet <->Some.Public.Address/192.168.0.1(Openswan on fw) <->
> Office LAN
Here you have a leftsubnet and rightsubnet which are identical. The subnet cannot be
at both ends; it can only be on one end.
> :: "mwxusers" 18.104.22.168:64978 #1: Main mode peer ID is ID_FQDN:
> :: "mwxusers" 22.214.171.124:65042 #1: cannot respond to IPsec SA
> request because no connection
> is known for
> :: complete state transition with (null)
> :: "mwxusers" 126.96.36.199:65042 #1: sending encrypted notification
> INVALID_ID_INFORMATION to
> config setup
First, you are not excluding 192.168.0.0/24 from the valid nat_traversal range, so
this is the third place where 192.168.0.0/24 sort of lives!
> conn mwxusers
This is the clash that cannot work. Also, please do not use the subnetwithin syntax,
as this is obsoleted by the vhost syntax.
But the authentication problem I think is due to not having the proper PSK secret
in /etc/ipsec.secrets. Since you sent an ID of "@it.hq.mwx.ee", this needs to match
in the ipsec.secrets file, e.g.:
188.8.131.52 @it.hq.mwx.ee :PSK "thesecret"
Or you can try to put the IP in there as well:
184.108.40.206 220.127.116.11 @it.hq.mwx.ee :PSK "thesecret"
But your fundamental problem is the subnet that lives everywhere.
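The two checks raised above (a leftsubnet/rightsubnet that overlap, a local LAN missing from the virtual_private exclusions, and an ipsec.secrets line whose index list must contain the peer's @FQDN ID) as an added Python example; it is not part of this thread or of Openswan, and the config and secrets fragments are constructed for illustration, with the secrets IP replaced by %any.

```python
import ipaddress
import re

# Constructed ipsec.conf fragment reproducing the clash discussed in the thread.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16
conn mwxusers
    leftsubnet=192.168.0.0/24
    rightsubnet=192.168.0.0/24
"""
# Constructed ipsec.secrets line: indices, then ': PSK "secret"'.
SAMPLE_SECRETS = '%any @it.hq.mwx.ee : PSK "thesecret"\n'

def parse_conf(text):
    """Return {section: {key: value}} for 'config setup' and 'conn X' blocks."""
    sections, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():          # unindented line starts a section
            cur = line.strip()
            sections[cur] = {}
        elif cur is not None and '=' in line:
            k, v = line.strip().split('=', 1)
            sections[cur][k.strip()] = v.strip()
    return sections

def subnet_clash(conn):
    """True when the subnet 'lives at both ends' (left and right overlap)."""
    l = conn.get('leftsubnet')
    r = conn.get('rightsubnet') or conn.get('rightsubnetwithin')  # obsolete form too
    if not (l and r):
        return False
    return ipaddress.ip_network(l).overlaps(ipaddress.ip_network(r))

def local_subnet_excluded(setup, subnet):
    """True when virtual_private has a %v4:!<net> entry covering the local LAN."""
    net = ipaddress.ip_network(subnet)
    for entry in setup.get('virtual_private', '').split(','):
        if entry.startswith('%v4:!') and ipaddress.ip_network(entry[5:]).overlaps(net):
            return True
    return False

def psk_for_id(secrets_text, peer_id):
    """Return the PSK whose index list contains peer_id (@fqdn, IP or %any), else None."""
    for line in secrets_text.splitlines():
        m = re.match(r'^\s*(.*?)\s*:\s*PSK\s+"([^"]*)"', line)
        if m and peer_id in m.group(1).split():
            return m.group(2)
    return None
```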