[Openswan Users] Error 789 from Windows XP

Jacco de Leeuw jacco2 at dds.nl
Thu Nov 1 17:48:57 EDT 2007

andy huang wrote:

> I tried to configure IPSec n following network:
> XP--RT(
> Ububtu's eth0 is, which connects to Corp
> thru router(, eth1 is

That's a bit terse.

So you have one XP client at 192.168.0.x, the server runs some version
of Ubuntu, its external interface eth1 is at and its internal
interface eth0 at The internal LAN is at
And the router at is the default gateway to the Internet
for everything on the internal LAN, except the VPN server?

If this is correct, read on.

Is this only a test setup, BTW?

> 	left=%defaultroute

Try left=

> 	leftnexthop=%defaultroute

Try removing this parameter, assuming that is
the external interface.

> 	leftprotoport=17/%any

Use leftprotoport=17/1701 and install the NAT-T update on the
Windows 2000/XP clients.

> 	rightprotoport=17/%any

Try rightprotoport=17/1701, unless you also want to support
Mac clients.

> ipsec.secrets:
> %any : PSK "MySharedKey"

Use : PSK "MySharedKey" if think that NAT will
be involved.

> Also I couldn't find /var/log/secure for log file on
> my ubuntu. Is the log file in some place else?

Look in /var/log/debug for (x)l2tpd messages and /var/log/auth.log
for pluto messages.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list