[Openswan Users] Problem about windows XP l2tp/ipsec road warrior to linux gateway with x509 certificate

Tuomo Soini tis at foobar.fi
Tue Nov 3 07:02:46 EST 2009


顏宏愷 wrote:
> Dear all.
> 
> I am trying a Windows XP L2TP/IPsec road warrior to a Linux gateway with
> an x509 certificate.
> 
> The Openswan version being tried is 2.4.14.
> 
> I followed the instructions from the jacco2 web page and used openssl to
> generate the key and certificate.
> 
> However, the Windows XP client cannot set up the tunnel. I got part of the
> messages by viewing /var/log/secure.
> 
> ..#… ISAKMP SA established { auth=OAKELY_RSA_SIG …..}
> 
> ..# Cannot response to SA request because no connection is known for
> x.x.x.x [C=TW, ST=….]:17/1701…x.x.x.x[C=TW,….]
> 
> From the message, I think the SA has been set up OK, but why can the
> connection not be set up?

No. Setup is not ok.

>         # Using the magic port of "0" means "any one single port". This is
>         # a work around required for Apple OSX clients that use a randomly
>         # high port, but propose "0" instead of their port.
>         rightprotoport=17/0

This explanation here is wrong. 17/%any is to accept any single port.
17/0 is to allow udp traffic from all ports.

As you can see from your error message, the config doesn't match the proposal.


-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
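
The distinction drawn in the reply above, written out as an ipsec.conf fragment. This is an added example, not part of the original thread or of anyone's actual configuration; the conn name and certificate file name are placeholders, and the other settings are assumed typical values for an L2TP/IPsec certificate setup.

```conf
# Added illustration; "l2tp-x509" and "gateway-cert.pem" are placeholders.
conn l2tp-x509
        authby=rsasig
        type=transport
        left=%defaultroute
        leftcert=gateway-cert.pem
        leftprotoport=17/1701
        right=%any
        # Per the reply above: 17/%any accepts any single port, i.e. a
        # client proposing one UDP port (the log above shows 17/1701 in
        # the proposal).
        rightprotoport=17/%any
        # Per the reply above: 17/0 allows UDP traffic from all ports,
        # which is a different selector from "one single port".
        #rightprotoport=17/0
        auto=add
```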

