[Openswan Users] Creating Win XP vpn connection

peters at exemplar-associates.com peters at exemplar-associates.com
Tue Apr 25 17:58:18 CEST 2006


> The message on the client is "Error 792 The L2TP connection failed
> because security timed out".
>
> Previously I wasn't sure that packets were reaching the server but
> now I think they are. The problem seems to be the "no suitable
> connection for peer" error. I am worried about the difference between
> S= and ST=

Doing more searching and reading, I found that the "no suitable connection"
error is due to the ipsec.conf (shown below).

Earlier I had commented some parts to try to locate the problem.

Any suggestions?

Regards,

Peter


# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg:
        # plutodebug="control parsing"
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        # nat_traversal=yes
        # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
        interfaces=%defaultroute
        nat_traversal=no
        ##virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        virtual_private=%v4:192.168.0.0/16

# Add connections here

# sample VPN connection
#       conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start
conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

#conn roadwarrior-l2tp
#       pfs=no
#       leftprotoport=17/0
#       rightprotoport=17/1701
#       also=roadwarrior
#
#conn roadwarrior-l2tp-updatedwin
#       pfs=no
#       leftprotoport=17/1701
#       rightprotoport=17/%any  #       rightprotoport=17/1701
#       also=roadwarrior
#
#conn roadwarrior-net
#       leftsubnet=192.168.0.0/255.255.255.0
#       also=roadwarrior

conn roadwarrior
        authby=rsasig
        pfs=no
        keyingtries=3
        rekey=no
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        auto=add

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


