[Openswan Users] need some help with openswan / l2tpd

Paul Wouters paul at xelerance.com
Wed Nov 22 22:14:50 EST 2006

On Tue, 21 Nov 2006, Reza ISSANY wrote:

> Nov 21 20:54:33 sd-5193 pluto[25568]: "roadwarriorxp"[2]
> #1: cannot respond to IPsec SA request because no connection is known for
>[C=FR, ST=HOST, O=Internet Widgits Pty Ltd,
> CN=integration]:17/1701...[C=FR, ST=HOST, O=Internet Widgits
> Pty Ltd, CN=integration]:17/%any

> conn roadwarriorxp
>        keyingtries=1
>        compress=no
>        authby=rsasig
>        leftrsasigkey=%cert
>        leftcert=/data/openswan/etc/ipsec.d/certs/newcert.pem
>        leftprotoport=17/1701
>        leftsubnet=
>        leftnexthop=

add an entry for left=
remove leftsubnet. It is wrong. For L2TP/IPsec, a host-host tunnel is build, and no
subnet= should be specified. The "rightsubnet=" is used for the NAT-T hack, it is
not a "real" subnet.

> The keys negociations starts, but the l2tpd authentication doesn't seems to
> work.

IPsec does not complete. You never even get to send l2tp packets.


More information about the Users mailing list