[Openswan Users] need some help with openswan / l2tpd
Reza ISSANY
issanyr at laposte.net
Fri Nov 24 05:01:44 EST 2006
Hi,
I've removed leftsubnet entry and added left= entry. But it still
doesn't works :'(
Any other idea ?
Thanks for your help.
Reza ISSANY
Paul Wouters a écrit :
> On Tue, 21 Nov 2006, Reza ISSANY wrote:
>
>
>> Nov 21 20:54:33 sd-5193 pluto[25568]: "roadwarriorxp"[2] 82.236.77.42:12568
>> #1: cannot respond to IPsec SA request because no connection is known for
>> 88.191.35.181:4500[C=FR, ST=HOST, O=Internet Widgits Pty Ltd,
>> CN=integration]:17/1701...82.236.77.42:12568[C=FR, ST=HOST, O=Internet Widgits
>> Pty Ltd, CN=integration]:17/%any
>>
>
>
>> conn roadwarriorxp
>> keyingtries=1
>> compress=no
>> authby=rsasig
>> leftrsasigkey=%cert
>> leftcert=/data/openswan/etc/ipsec.d/certs/newcert.pem
>> leftprotoport=17/1701
>> leftsubnet=172.16.7.0/16
>> leftnexthop=88.191.35.1
>>
>
> add an entry for left=
> remove leftsubnet. It is wrong. For L2TP/IPsec, a host-host tunnel is build, and no
> subnet= should be specified. The "rightsubnet=" is used for the NAT-T hack, it is
> not a "real" subnet.
>
>
>> The keys negociations starts, but the l2tpd authentication doesn't seems to
>> work.
>>
>
> IPsec does not complete. You never even get to send l2tp packets.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061124/d9085970/attachment.html
More information about the Users
mailing list