[Openswan Users] Win XP SP2 and NAT + OS 2.3.1
Jacco de Leeuw
jacco2 at dds.nl
Mon May 30 17:46:20 CEST 2005
Fabien Tivolle wrote:
> ---2- Jacco
> I did the update on my lab setup. No changes. Here is the update of my
> barf and configuration:
> conn %default
> keyingtries=5
> compress=no
This is the problem:
May 30 08:56:39 nposesdev ipsec__plutorun: ipsec_auto: fatal error
in "L2TP-cert-xpe2": (/etc/ipsec.conf, line 16) unknown parameter
name "compression"
May 30 08:56:39 nposesdev ipsec__plutorun: ...could not add conn
"L2TP-cert-xpe2"
Looks like you modified compression=yes to compress=yes but forgot
to restart pluto. The connection for L2TP-cert-xpe2 then failed to
load which resulted in:
initial Main Mode message received on 192.168.204.101:500 but no
connection has been authorized
I would recommend against using compress=yes in conn %default. I understand
there are some interoperability issues with some IPsec peers. It's better to
enable compression only for those connections you are sure of. Windows does
not support it anyway.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list