[Openswan Users] ipsec/l2tp Windows (yes again)

Paul Wouters paul at xelerance.com
Tue Apr 25 07:26:08 CEST 2006

On Mon, 24 Apr 2006, Trevor Benson wrote:

> but not for about 10 months.  I just rebuilt the latest fedora kernel of
> and openswan 2.4.5 with klips (patched the kernel for natt as
> well).  I have already used this certificate and connection string for
> non l2tp sessions, so I know the certificate is accepted with linsys
> ipsec client and this gateway before attempting l2tp with it.


> conn tbenson
>         leftcert=office1.ct.vpn.cleartunnel.net.cert
>         leftrsasigkey=%cert
>         leftprotoport=17/1701
>         rightprotoport=17/1701
>         right=
>         rightnexthop=%defaultroute
>         rightca=%same
>         rightid="C=US, ST=California, L=Santa Rosa, O=Mumble,
> CN=tbenson.vpn.Mumble.net, E=ca-admin at Mumble.net"
>         rightrsasigkey=%cert
>         authby=rsasig
>         auto=add

For nat-t, there is no rightsubnet=vhost:%priv,%no
If you add that, and it still does not work, try adding type=transport.
If it then still fails, double check Windows is doing X.509 and not

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list