[Openswan Users] Problem about windows XP l2tp/ipsec road warrior to linux gateway with x509 certificate
顏宏愷
yhkai at cht.com.tw
Tue Nov 3 05:27:23 EST 2009
Dear all.
I am trying a Windows XP l2tp/ipsec road warrior to a Linux gateway with an x509 certificate.
The Openswan version being tried is 2.4.14.
I followed the instructions from jacco2's web page and used openssl to generate the key and certificate.
However, the Windows XP client cannot set up the tunnel. I got part of the messages by viewing /var/log/secure.
..#… ISAKMP SA established { auth=OAKELY_RSA_SIG …..}
..# Cannot response to SA request because no connection is known for x.x.x.x [C=TW, ST=….]:17/1701…x.x.x.x[C=TW,….]
From the message, I think the SA has been set up OK, but why can the connection not be set up?
Any help please.
Here is my ipsec.conf, the same as the example l2tp-cert.conf:
authby=rsasig
pfs=no
auto=add
# we cannot rekey for %any, let client rekey
rekey=no
# Do not enable the line below. It is implicitly used, and
# specifying it will currently break when using nat-t.
#type=transport. See http://bugs.xelerance.com/view.php?id=466
#
left=%defaultroute
# or you can use: left=YourIPAddress
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/outside.pem
leftprotoport=17/1701
#
# The remote user.
#
right=%any
#rightca=%same
rightrsasigkey=%cert
# Using the magic port of "0" means "any one single port". This is
# a work around required for Apple OSX clients that use a randomly
# high port, but propose "0" instead of their port.
rightprotoport=17/0
rightsubnet=vhost:%priv,%no
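
An added example, not part of the original post and not Openswan code: a small Python check that takes a "no connection is known for" line like the one quoted above and compares the protocol/port logged for each end with the conn's leftprotoport and rightprotoport. Assumptions: the line has the layout addr[id]:proto/port...addr[id]:proto/port with the gateway (left) end first, an end logged without :proto/port is unrestricted, and a configured port of 0 accepts any port, as the comment in the posted config says. The log lines, addresses and DNs are constructed.

```python
import re

MARK = "no connection is known for "
END = re.compile(r"^(?P<addr>[0-9.]+)\s*\[(?P<id>[^\]]*)\]"
                 r"(?::(?P<proto>\d+)/(?P<port>\d+))?(?:===\S+)?$")
# Constructed inputs: the two protoport lines are from the post; the log
# lines, addresses (documentation ranges) and DNs are made up.
CONF = "leftprotoport=17/1701\n# remote user\nrightprotoport=17/0\n"
GW, XP = "198.51.100.1[C=TW, CN=gw]", "203.0.113.7[C=TW, CN=xp]"
LINE_L2TP = "#2: " + MARK + GW + ":17/1701..." + XP + ":17/1701"
LINE_BARE = "#2: " + MARK + GW + "..." + XP

def parse_conf(text):
    """Collect key=value settings, ignoring blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_refusal(line):
    """Return (local_end, peer_end) from the refusal line, or None."""
    if MARK not in line:
        return None
    ends = []
    for part in line.split(MARK, 1)[1].strip().split("...", 1):
        m = END.match(part.strip())
        if m is None:
            return None
        # Assumption: an end logged without :proto/port is unrestricted (0/0).
        ends.append({"addr": m["addr"], "id": m["id"],
                     "proto": int(m["proto"] or 0), "port": int(m["port"] or 0)})
    return tuple(ends) if len(ends) == 2 else None

def selector_ok(conf_value, end):
    """Protocol must be equal; a configured port of 0 accepts any port."""
    proto, port = (int(x) for x in conf_value.split("/"))
    return proto == end["proto"] and port in (0, end["port"])

def check(line, conf):
    """Compare both logged ends with the conn's left/rightprotoport."""
    parsed = parse_refusal(line)
    if parsed is None:
        return None
    local, peer = parsed  # assumption: gateway (left) end is logged first
    return {"left": selector_ok(conf["leftprotoport"], local),
            "right": selector_ok(conf["rightprotoport"], peer)}

if __name__ == "__main__":
    for line in (LINE_L2TP, LINE_BARE):
        print(check(line, parse_conf(CONF)))
```

When both sides come back True, the protocol/port selectors are not what failed to match, and the remaining conn settings (IDs, CA, rightsubnet) are the ones left to compare against the log line.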