[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd

Paul Wouters paul at xelerance.com
Mon Jun 30 18:28:07 EDT 2008

> windows host ----- router ----- openswan(2.6.14 gw)----- subnet

> ip range = 

You want to make that a real subnet, eg a /28 or /27

> *  * secret  

Use something like:

user1           *       "mysecret"     
*               user1   "mysecret"     

> When connecting to the openswan gateway , I put no username and password

Don't do that. Use a username/password

> as -'secret'. On observing the logs /var/log/auth.log , I see the SA
> being established but immediately following that there is a SA
> disconnect message and the windows login fails. I have enabled CHAP

IPsec works, but l2tp isn't, so ipsec is hung up too.

> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> Jun 30 18:28:24 host3 pluto[5045]: "l2tp-X.509"[26] #13:
> received Delete SA payload: deleting ISAKMP State #13

That's actually before your ipsec SA fully works. I suspect you did not
properly configure L2TP on your windows box. You might have the "encryption"
setting on in l2tp (which is wrong, it should be off or "allow unencrypted"
since you won't use l2tp encryption but ipsec encryption.


More information about the Users mailing list