[Openswan Users] Openswan <-> WinXp with L2TP and X.509 behind NATs not working

Paul Wouters paul at xelerance.com
Sat Nov 18 21:19:12 EST 2006

On Sat, 18 Nov 2006, Florian Hackenberger wrote:

> I've got a problem with the following setup:
> WinXP ( -> -> ( INTERNET
> ( <- <- Linux (

> What puzzles me a bit is the following line:
> started looking for secret for C=AT, ST=Steiermark, L=Graz, O=Home, CN=Florian
> Hackenberger, E=f.hackenberger at chello.at-> of kind PPK_PSK
> Why PPK_PSK? Is this a typo in the code or is it really looking for a PSK?
> However one of the next lines indicates an error (at least to me):
> concluding with best_match=0 best=(nil) (lineno=-1)

Do not enable plutodebug= for configuration issues.

> One of my guesses is that pluto does either not know about my CA (I have not
> found a configuration option for specifying a CA certificate), or tries PSK
> instead of X.509 authentication (no idea why it does so).

run ipsec auto --listall to look at the certificate, CA and private key

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list