[Openswan Users] Connecting to Openswan from Windows XP Pro

John A. Sullivan III jsullivan at opensourcedevel.com
Thu Jul 21 09:42:09 CEST 2005

On Wed, 2005-07-20 at 11:38 -0400, Tim P wrote:
> Ok I have seen multiple threads and have been through google but I
> haven't been able to figure it out.
> I am trying to use the standard setup in windows xp pro to get a vpn
> connection functioning (ipsec over L2TP)
> I created a certificate (p12 format) from my certificate authority.
> Imported it into windows using the MMC method described here:
> http://www.natecarlson.com/linux/ipsec-x509.php
> The server is also configured with that site's config as a template
> However instead of downloading the 3rd party ipsec client I was hoping
> that I could use the built-in windows vpn client.  I am running xp
> professional with sp2 and the firewall disabled.
> I create a new vpn connection to the server by going to start/control
> panel/network connections
> Add New Connection
> Choose to "Connect to the network at my workplace"
> Choose "Virtual Private Network connection"
> Enter the companyname
> Choose not to dial the initial connection
> Enter the ip address of the vpn server ( - my test network)
> Choose to leave it as "My Use only"
> Finish the wizard
> When the box opens (prompts for username/pass) click Properties
> On the Options tab uncheck "prompt for username, password, certificate, etc."
> On the Security tab leave as typical but uncheck "require data encryption"
> on the Networking tab under the VPN heading change it to L2TP IPSEC VPN 
> When I try to connect I get "Security Negotiation Timed out"
I've only had a chance to quickly look at this but I would suspect 

cannot respond to IPsec SA request because no connection is known
for[C=US, ST=Washington, L=Seattle, O=company,
OU=Support, CN=redguard.company.net,
E=user at company.com]:17/1701...[C=US, ST=Washington,
L=Seattle, O=company, OU=Support, CN=machine.company.com,
E=email at company.com]:17/1701

is your problem.  It doesn't like something in that definition.  Either
the DN, protocols or addresses.  For example, what is your leftsubnet?

Hope this helps - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit

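The reply above narrows the failure to the DN, the protocols or the addresses in the conn definition. As an added example (not from the original thread and not Openswan code), this Python sketch parses a "no connection is known" line and reports which of those settings differ from what the peer proposed. It assumes the first end in the message is the local gateway, IPv4 addresses, and exact DN comparison without wildcards; the log line, addresses, names and the `SAMPLE_CONN` values are constructed.

```python
import re

# One end of a pluto proposal: [subnet===]host[id]:proto/port[===subnet] (IPv4 hosts only)
END = re.compile(r"^(?:(?P<pre>[^=\[]+)===)?(?P<host>[^\[:=]+)(?:\[(?P<id>.*)\])?"
                 r":(?P<proto>\d+)/(?P<port>[\w%]+)(?:===(?P<post>.+))?$")

def parse_end(text):
    m = END.match(text.strip())
    if not m:
        raise ValueError("unrecognised endpoint: %r" % text)
    dn = re.sub(r"\s*,\s*", ", ", m["id"] or "")  # normalise spacing between RDNs
    return {"host": m["host"], "id": dn, "subnet": m["pre"] or m["post"],
            "protoport": m["proto"] + "/" + m["port"]}

def parse_message(line):
    line = " ".join(line.split())  # undo log/mail line wrapping
    m = re.search(r"no connection is known for\s*(.+?)\.\.\.(.+)$", line)
    if not m:
        raise ValueError("not a 'no connection is known' message")
    return parse_end(m[1]), parse_end(m[2])

def diagnose(conn, line):
    """Return the conn settings that differ from what the peer proposed."""
    ours, peer = parse_message(line)  # assumption: the first end is the local gateway
    problems = []
    for side, end in (("left", ours), ("right", peer)):
        for key, field in (("", "host"), ("id", "id"),
                           ("protoport", "protoport"), ("subnet", "subnet")):
            want, got = conn.get(side + key), end[field]
            if key != "subnet" and want in (None, "%any"):
                continue  # unset or wildcard: treated as matching anything
            if key == "protoport" and want.endswith("/%any"):
                got = got.split("/")[0] + "/%any"  # only the protocol is pinned
            if want != got:
                problems.append(f"{side}{key}: conn has {want!r}, proposal has {got!r}")
    return problems

# Constructed sample data (documentation addresses and example.com names).
SAMPLE_LOG = """cannot respond to IPsec SA request because no connection is known
for 192.0.2.1[C=US, O=Example, CN=gw.example.com]:17/1701...198.51.100.7[C=US,
O=Example, CN=laptop.example.com]:17/1701"""
SAMPLE_CONN = {"left": "192.0.2.1", "leftid": "C=US, O=Example, CN=gw.example.com",
               "leftprotoport": "17/1701", "leftsubnet": "10.0.0.0/24",
               "right": "%any", "rightprotoport": "17/1701"}

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_CONN, SAMPLE_LOG)) or "conn matches the proposal")
```

With the constructed data the only mismatch reported is `leftsubnet`: the sample proposal is host-to-host on 17/1701 and carries no subnet, while the sample conn declares one.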