[Openswan Users] Error IPsec/L2tp connection

Jacco de Leeuw jacco2 at dds.nl
Tue Mar 29 00:07:42 CEST 2005

rodrigo nobrega wrote:

> i have a ipsec connection working and im trying setup
> a L2tp/ipsec connection behind NAT.

So the L2TP/IPsec server is NATed? This is not supported yet.
You may have to wait for Openswan 2.3.1. There is however a
patch by Bernd Galonska. See also:

> when i ping 10.x.x.x using MM ipsec tools all work
> fine but, when i do ipsec -off  and use l2tp/ipsec
> connection from winxp i dont have response.

If you have been using Marcus Mueller's IPSEC.EXE tool,
you may have disabled the automatic L2TP/IPsec policy.
to re-enable it.

> Where i can see l2tp logs??

They are in /var/log/messages. I have no idea where you can find
L2TP logs on Windows clients. For enabling PPP logging, see:

> virtual_private=%v4:,%v4:,%v4:

Perhaps you need to exclude your internal subnet here? I.e. add:
... , %v:!192.168.x.0/24

> Mar 28 10:21:49 vpn pluto[3343]: "roadwarrior-net"[2]
> #1: cannot respond to IPsec SA request
> conn roadwarrior-net
>         leftsubnet=
>         also=roadwarrior

I don't know why it wants to use this particular connection.
If it is interfering you should disable it.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list