[Openswan Users] need some help with openswan / l2tpd
Paul Wouters
paul at xelerance.com
Wed Nov 22 22:14:50 EST 2006
On Tue, 21 Nov 2006, Reza ISSANY wrote:
> Nov 21 20:54:33 sd-5193 pluto[25568]: "roadwarriorxp"[2] 82.236.77.42:12568
> #1: cannot respond to IPsec SA request because no connection is known for
> 88.191.35.181:4500[C=FR, ST=HOST, O=Internet Widgits Pty Ltd,
> CN=integration]:17/1701...82.236.77.42:12568[C=FR, ST=HOST, O=Internet Widgits
> Pty Ltd, CN=integration]:17/%any
>
> conn roadwarriorxp
>     keyingtries=1
>     compress=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     leftcert=/data/openswan/etc/ipsec.d/certs/newcert.pem
>     leftprotoport=17/1701
>     leftsubnet=172.16.7.0/16
>     leftnexthop=88.191.35.1
Add an entry for left=
Remove leftsubnet. It is wrong. For L2TP/IPsec, a host-host tunnel is built, and no
subnet= should be specified. The "rightsubnet=" is used for the NAT-T hack; it is
not a "real" subnet.
> The key negotiations start, but the l2tpd authentication doesn't seem to
> work.
IPsec does not complete. You never even get to send l2tp packets.
Paul
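
The two configuration points from the reply above, written as a small lint check over ipsec.conf text. This is an added example, not part of the original message and not Openswan code. The parser is a simplified assumption (indented `key=value` lines under `conn NAME`), the function names are hypothetical, and the sample input is constructed.

```python
import re

L2TP_PROTOPORT = "17/1701"  # UDP/1701, the protoport used in the quoted conn

def parse_conns(text):
    """Simplified ipsec.conf reader: returns {conn_name: {option: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                     # some other section type
    return conns

def lint_l2tp_conns(text):
    """Return {conn_name: [findings]} for conns carrying L2TP (17/1701)."""
    report = {}
    for name, opts in parse_conns(text).items():
        if opts.get("leftprotoport") != L2TP_PROTOPORT:
            continue                           # not L2TP/IPsec, checks do not apply
        findings = []
        if "left" not in opts:
            findings.append("left= is missing")
        if "leftsubnet" in opts:
            findings.append("leftsubnet= is set on a host-to-host conn")
        report[name] = findings
    return report

# Constructed input: the first conn repeats options quoted in the message;
# the second uses placeholder addresses (192.0.2.0/24 is a documentation range).
SAMPLE = """
conn roadwarriorxp
    leftprotoport=17/1701
    leftsubnet=172.16.7.0/16
    leftnexthop=88.191.35.1

conn roadwarrior-fixed
    left=192.0.2.10
    leftnexthop=192.0.2.1
    leftprotoport=17/1701
"""
```

Calling `lint_l2tp_conns(SAMPLE)` reports both findings for `roadwarriorxp` and none for `roadwarrior-fixed`; `rightsubnet=` is deliberately not flagged, since the reply notes it is used for NAT-T.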