[Openswan Users] Problem about windows XP l2tp/ipsec road warrior to linux gateway with x509 certificate
Tuomo Soini
tis at foobar.fi
Tue Nov 3 07:02:46 EST 2009
顏宏愷 wrote:
> Dear all.
>
> I am trying Windows XP l2tp/ipsec road warrior to Linux gateway with
> x509 certificate.
>
> The openswan version to be tried is 2.4.14
>
> I follow the instructions from jacco2 web page and use openssl to
> generate key and certificate.
>
> However, the Windows XP client cannot set up the tunnel. I get part of
> the messages by viewing /var/log/secure.
>
> ..#… ISAKMP SA established { auth=OAKELY_RSA_SIG …..}
>
> ..# Cannot response to SA request because no connection is known for
> x.x.x.x [C=TW, ST=….]:17/1701…x.x.x.x[C=TW,….]
>
>
>
> From the message, I think the SA has been set up OK, but why can the
> connection not be set up?

No. Setup is not ok.

> # Using the magic port of "0" means "any one single port". This is
> # a work around required for Apple OSX clients that use a randomly
> # high port, but propose "0" instead of their port.
> rightprotoport=17/0

This explanation here is wrong. 17/%any is to accept any single port.
17/0 is to allow UDP traffic from all ports.

As you can see from your error message, the config doesn't match the proposal.

--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
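
A simplified model of the distinction drawn in the reply above, as an added example that is not part of the original post and not Openswan's code: it reads `leftprotoport`/`rightprotoport` from an ipsec.conf fragment and lists which conns would accept a proposed pair of selectors. The conn names, the sample fragment, the proposal (UDP 1701 on both ends) and the rule that selectors must be equal unless the configured side is `%any` are assumptions made for illustration.

```python
import re

# Constructed ipsec.conf fragment for illustration (conn names are hypothetical).
SAMPLE_CONF = """\
conn l2tp-all-ports
    leftprotoport=17/1701
    rightprotoport=17/0

conn l2tp-any-single-port
    leftprotoport=17/1701
    rightprotoport=17/%any
"""

def parse_protoport(value):
    """Return (protocol, port, wildcard) for a protoport value like '17/%any'."""
    proto, _, port = value.strip().partition("/")
    if port == "%any":
        return int(proto), None, True       # template: any ONE port the peer proposes
    return int(proto), int(port or 0), False  # port 0 = selector covering all ports

def parse_conns(text):
    """Map conn name -> {'left': ..., 'right': ...} parsed protoport tuples."""
    conns, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()   # drop comments
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        m = re.match(r"\s+(left|right)protoport\s*=\s*(\S+)", line)
        if m and current is not None:
            current[m.group(1)] = parse_protoport(m.group(2))
    return conns

def side_matches(configured, proposed):
    """Assumed model: selectors must be equal unless the config side is %any."""
    c_proto, c_port, wildcard = configured
    p_proto, p_port = proposed
    return c_proto == p_proto and (wildcard or c_port == p_port)

def matching_conns(text, local, peer):
    """Names of conns whose left/right protoport accept the proposed selectors."""
    return [name for name, c in parse_conns(text).items()
            if "left" in c and "right" in c
            and side_matches(c["left"], local) and side_matches(c["right"], peer)]

if __name__ == "__main__":
    # Constructed proposal: UDP/1701 on both ends.
    print(matching_conns(SAMPLE_CONF, (17, 1701), (17, 1701)))
```

An empty result from `matching_conns` corresponds to the "no connection is known" situation in the quoted log: Phase 1 succeeded, but no configured conn has selectors that fit the Phase 2 proposal.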