[Openswan Users]

Matt Reeve spam at mreeve.com
Mon Jul 17 11:57:56 CEST 2006

Hi Paul,

I've reset that MTU to 1472 and restarted everything and that has had no 
effect. The W2K install is actually out of the box as is the working XP 
install so I'm not expecting anything untoward there. ipsec verify shows:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6rc2/K2.6.17-1.2145_FC5 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

Is it possible there is something wrong with my certificates? I'm still 
a bit unclear about how to set all that up even having spent hours 
surfing for documentation on how to do it properly. It seems odd though 
that the very same certificate works on the XP box and not the 2K box...

Many thanks,

Paul Wouters wrote:
> On Thu, 13 Jul 2006, Matt Reeve wrote:
>> I am trying to make a connection using the Microsoft client using L2TP and
>> certificates but with a "Error 786: The L2TP connection attempt failed because
>> there is no valid machine certificate on your computer for security
>> authentication" every time. I installed the certificate using MMC taking great
>> care to make sure it is on the computer account and not the user account. I
>> tried 3 different W2K boxes with the same result. Using the same certificate
>> on an XP SP2 machine, also installed with MMC in the same way works fine.
>> Here is the openswan conf and log, I've highlighted the line which looks
>> suspicious compared with the (working) log from my XP connection below. Note
>> that the "unknown value" number changes each time I try to connect. I've also
>> tried openswan versions 2.4.6rc1, 2.4.5 and 2.4.0 with the same result.
> Perhaps some network settings between the two OSes are different? Can you
> try setting the mtu of the ethernet interface of the ipsec/l2tp server
> to 1472 and see if you still have this problem? What does 'ipsec verify' say?
> Paul
