[Openswan Users] ipsec/l2tp Windows (yes again)

Trevor Benson tbenson at a-1networks.com
Mon Apr 24 22:36:44 CEST 2006

On Monday, April 24, 2006 9:26 PM Paul Wrote

>For nat-t, there is no rightsubnet=vhost:%priv,%no
>If you add that, and it still does not work, try adding type=transport.
>If it then still fails, double check Windows is doing X.509 and not

I added the rightsubnet and it complained about %any, so I set the
static addresses back to %any in the connection and the secrets.   I get
the same error however as before.  The part that stands out is it tosses
an error about the gateway itself. Below is that error, I almost
remember reading something specific (and stupidly misconfigured) when
this error appears.

 Apr 24 13:26:02 office1 pluto[6237]: "tbenson"[1] #35:
cannot respond to IPsec SA request because no connection is known for[C=US, ST=California, L=Santa Rosa, O=ClearTunnel,
E=ca-admin at cleartunnel.net]:17/1701...[C=US, ST=California,
L=Santa Rosa, O=ClearTunnel, CN=tbenson.vpn.cleartunnel.net,
E=mumble at mumble.net]:17/1701

Oh and as for testing the PSK cert thing, when I attempted to set a PSK
in the windows client previously the errors in the log were related to
the certificate installed and not having a valid entry for it, so I
ripped out the PSK and changed the secrets and the connection back to
using the certificate I already had installed from linsys.  Not sure but
it appears that if you have a certificate installed that the client
doesn't bother to use the defined PSK? Go figure....


Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list