[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Aug 8 17:44:27 EDT 2006

On Tue, 8 Aug 2006, Greg wrote:

>             I've no problem opening a "simple" ipsec tunnel, but when I
> want to use L2TP, the client gives me this error (Error 789: L2TP-Connection
> failed, since a processing error arose during its first safety from action
> with the remote computer) and the server (respond to IPsec SA request
> because no connection is known for[C=FR,
> E=root at test.com]:17/1701...[C=FR, ST=FRANCE, L=LOCATION, O=WEF,
> OU=INFO, CN=TEST, E=root at test.com]:17/1701)

>       virtual_private=%v4:,%v4:,%v4:

It looks like you are NATing, so that range should be added
to the virtual_private list.

> conn roadwarrior-net
>         leftsubnet=
>         also=roadwarrior

This is not l2tp! And you will run into problems trying to run l2tp and
non-l2tp connections on the same server.

> conn roadwarrior-all
>         leftsubnet=
>         also=roadwarrior
> conn roadwarrior
>         left=%defaultroute
>         leftcert=cert.pem
>         right=%any
>         rightsubnet=vhost:%no,%priv
>         auto=add
>         pfs=yes

Disable all of the above when doing l2tp.

> conn roadwarrior-l2tp
>         left=%defaultroute
>         leftcert=cert.pem
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/1701
>         pfs=no
>         auto=add
>         type=transport

Add: rightsubnet=vhost:%no,%priv. If your version of openswan then
complains about type=transport with subnet, comment out the type=transport
(it will still be used).
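For reference, here is what the advice above looks like when put together in one ipsec.conf fragment. This is an added example, not text from Paul's reply or a file shipped by the Openswan project; the RFC1918 ranges in virtual_private and the excluded server LAN (192.168.1.0/24) are placeholders to be replaced with the ranges in use on the actual server, and the key names and values are those already quoted in the thread.

```conf
# Added example (not from the reply above or from Openswan itself): ipsec.conf
# fragment for a road-warrior L2TP/IPsec setup behind NAT. Address ranges are
# placeholders.
config setup
        # Road warriors behind NAT need NAT traversal enabled
        nat_traversal=yes
        # Private ranges a NATed client may appear to come from. The server's
        # own LAN (placeholder 192.168.1.0/24) is excluded with "!" so it is
        # never treated as a virtual client address.
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

# The non-L2TP conns (roadwarrior, roadwarrior-net, roadwarrior-all) are left
# out of the file entirely while L2TP is in use.

conn roadwarrior-l2tp
        left=%defaultroute
        leftcert=cert.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        # Accept a client address from any range listed in virtual_private
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add
        # If this openswan version refuses type=transport together with a
        # rightsubnet, comment the next line out; transport mode is still used.
        type=transport
```

With this in place, the "no connection is known for ... :17/1701" message goes away because the L2TP conn now matches the NATed client's virtual address, and removing the non-L2TP conns avoids the two kinds of road-warrior connection competing for the same %any peer.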
