[Openswan Users] linux box <> WinXP/SP2 problem (NAT-T, LTPD)

Paul Wouters paul at xelerance.com
Fri Jan 13 17:05:09 CET 2006

On Fri, 13 Jan 2006, Radek Antoniuk wrote:

> I have made and signed both of the certificates, but openswan seems not to
> like the one presented by WinXP.

Seems you are using an old openswan version.

> And an additional question. What LTPD do you use? Cause the www.ltpd.org site
> is now down.

l2tpd from that site is in Fedora Extras, and a somewhat older version is in
Debian. Xelerance, which maintains the version in FE, also puts the source on
their web/ftp sites: ftp.openswan.org/xl2tpd/

> I have switched to rp-l2tp-0.4. Any other useful daemons? Does anybody have a
> working example with this daemon? (NAT-T is required)

l2tpd examples are included in openswan-2.4.x and are available on Jacco's pages,
though I'm not sure if he has updated his examples to the latest settings.

> And the last question. Is there any native method of authentication with One
> Time Passwords like PSKs? Or only by using some 'external' ideas like RADIUS
> or something?

There is no native method.

> Jan 12 03:21:34 fufu pluto[6533]: "l2tp-X.509"[4] #16:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jan 12 03:21:34 fufu pluto[6533]: "l2tp-X.509"[4] #16:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Jan 12 03:21:34 fufu pluto[6533]: "l2tp-X.509"[4] #16: next
> payload type of ISAKMP Hash Payload has an unknown value: 239
> Jan 12 03:21:34 fufu pluto[6533]: "l2tp-X.509"[4] #16:
> malformed payload in packet

Can you upgrade to 2.4.5rc3 ?


More information about the Users mailing list