[Openswan Users] ipsec/l2tp Windows (yes again)

Trevor Benson tbenson at a-1networks.com
Mon Apr 24 22:36:44 CEST 2006


On Monday, April 24, 2006 9:26 PM Paul wrote:

>For nat-t, there is no rightsubnet=vhost:%priv,%no
>If you add that, and it still does not work, try adding type=transport.
>If it then still fails, double check Windows is doing X.509 and not
>PreSharedKey.

I added the rightsubnet and it complained about %any, so I set the
static addresses back to %any in the connection and the secrets. I get
the same error as before, however. The part that stands out is that it
tosses an error about the gateway itself. Below is that error; I almost
remember reading about something specific (and stupidly misconfigured)
when this error appears.

 Apr 24 13:26:02 office1 pluto[6237]: "tbenson"[1] 64.142.7.188 #35:
cannot respond to IPsec SA request because no connection is known for
64.142.21.254[C=US, ST=California, L=Santa Rosa, O=ClearTunnel,
CN=office1.ct.vpn.cleartunnel.net,
E=ca-admin at cleartunnel.net]:17/1701...64.142.7.188[C=US, ST=California,
L=Santa Rosa, O=ClearTunnel, CN=tbenson.vpn.cleartunnel.net,
E=mumble at mumble.net]:17/1701

Oh, and as for testing the PSK cert thing: when I attempted to set a PSK
in the Windows client previously, the errors in the log were related to
the certificate installed and not having a valid entry for it, so I
ripped out the PSK and changed the secrets and the connection back to
using the certificate I already had installed from linsys. Not sure, but
it appears that if you have a certificate installed, the client
doesn't bother to use the defined PSK? Go figure....

Trevor



Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
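
Added example, not part of the original message and not Openswan code: a Python parser for the pluto "no connection is known for" line quoted above. It splits the line into the two ends (host, ID, protocol/port, optional `===` client subnet) that pluto could not match to a loaded connection. It assumes IPv4 addresses; the function names are illustrative.

```python
import re
IP = r"\d{1,3}(?:\.\d{1,3}){3}"  # assumption: IPv4 only

def _end(p, client_first):
    # One end of the proposal: host, optional [ID], optional :proto/port, optional client.
    client = rf"(?P<{p}client>{IP}/\d+)"
    host = (rf"(?P<{p}host>{IP})(?:\[(?P<{p}id>[^\]]*)\])?"
            rf"(?::(?P<{p}proto>\d+)/(?P<{p}port>\d+|%any))?")
    return rf"(?:{client}===)?{host}" if client_first else rf"{host}(?:==={client})?"

NO_CONN = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>' + IP + r") #(?P<state>\d+): "
    r"cannot respond to IPsec SA request because no connection is known for "
    + _end("l_", True) + r"\.\.\." + _end("r_", False))

def parse_no_conn(text):
    """Return the proposal pluto could not match, or None for any other message."""
    m = NO_CONN.search(" ".join(text.split()))  # undo mail/syslog line wrapping
    if m is None:
        return None
    g = m.groupdict()
    def end(p):
        pp = f"{g[p + 'proto']}/{g[p + 'port']}" if g[p + "proto"] else None
        return {"host": g[p + "host"], "id": g[p + "id"],
                "protoport": pp, "client": g[p + "client"]}
    # First end is the gateway's own side, second end is the peer.
    return {"conn": g["conn"], "peer": g["peer"], "state": int(g["state"]),
            "local": end("l_"), "remote": end("r_")}

def observations(p):
    notes = []
    if p["local"]["client"] is None and p["remote"]["client"] is None:
        notes.append("host-to-host proposal (no === client subnet on either end)")
    if p["local"]["protoport"] == p["remote"]["protoport"] == "17/1701":
        notes.append("both ends restricted to UDP (17) port 1701, i.e. L2TP")
    return notes

# The line from the message above, wrapped as posted.
SAMPLE = """Apr 24 13:26:02 office1 pluto[6237]: "tbenson"[1] 64.142.7.188 #35:
cannot respond to IPsec SA request because no connection is known for
64.142.21.254[C=US, ST=California, L=Santa Rosa, O=ClearTunnel,
CN=office1.ct.vpn.cleartunnel.net,
E=ca-admin at cleartunnel.net]:17/1701...64.142.7.188[C=US, ST=California,
L=Santa Rosa, O=ClearTunnel, CN=tbenson.vpn.cleartunnel.net,
E=mumble at mumble.net]:17/1701"""

if __name__ == "__main__":
    p = parse_no_conn(SAMPLE)
    print(p["local"], p["remote"], observations(p), sep="\n")
```

Comparing the parsed ends with the `left`/`right`, ID, subnet and protoport settings of each loaded conn shows which field of the proposal has no counterpart in the configuration.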
