[Openswan Users] Error: cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE) when running "ipsec auto --up"
Mark Ryden
markryde at gmail.com
Thu Nov 12 14:13:04 EST 2009
Hello,
I am running openswan-2.6.21-2 on fc10. I am trying to configure it to use
L2TP. I prepared /etc/ipsec.conf according to the l2tp-psk.conf.in of
the program/examples of the openswan source tree (see below).
The external IP of the machine is 82.83.83.194, and the default gw is
82.83.83.200.
I ran /etc/init.d/ipsec start and it was ok.
But when running:
"ipsec auto --up L2TP-PSK-noNAT"
I got:
029 "L2TP-PSK-noNAT": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Any ideas what it is?
I also tried to follow this link:
http://www.jacco2.dds.nl/networking/linux-l2tp.html
but could not find a solution for this error.
Any ideas?
Below is my /etc/ipsec.conf:
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    #
    # Configuration for one user with any type of IPsec/L2TP client
    # including the updated Windows 2000/XP (MS KB Q818043), but
    # excluding the non-updated Windows 2000/XP.
    #
    #
    # Use a Preshared Key. Disable Perfect Forward Secrecy.
    #
    # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
    # YourIPAddress %any: "sharedsecret"
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    # we cannot rekey for %any, let client rekey
    rekey=no
    type=transport
    #
    left=82.83.83.194
    leftnexthop=82.83.83.200
    # or you can use: left=YourIPAddress
    #
    # For updated Windows 2000/XP clients,
    # to support old clients as well, use leftprotoport=17/%any
    leftprotoport=17/1701
    #
    # The remote user.
    #
    right=%any
    # Using the magic port of "0" means "any one single port". This is
    # a work around required for Apple OSX clients that use a randomly
    # high port, but propose "0" instead of their port.
    rightprotoport=17/0
Regards,
Mark
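
Added example, not part of the original post and not Openswan code: the kind=CK_TEMPLATE in the error refers to a conn whose peer address is a wildcard, which right=%any produces here, so pluto can answer for such a conn but has no address to initiate to. The Python sketch below flags such conns in an ipsec.conf, following also=; the function names, the trimmed sample config and the also= merge rule are assumptions of this example.

```python
# Added example: flag conns that can only respond because a peer is %any.
# SAMPLE_CONF is a constructed, trimmed copy of the configuration in the post.
SAMPLE_CONF = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    auto=add
    left=82.83.83.194
    right=%any    # the remote user
    rightprotoport=17/0
"""

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} in file order."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        words = line.split()
        if words[0] == "conn" and len(words) == 2:
            current = conns.setdefault(words[1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def resolve(conns, name, seen=()):
    """Flatten also= includes (assumed rule: the conn's own settings win)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    merged = {}
    for key, value in conns[name]:
        if key == "also":
            for k, v in resolve(conns, value, seen + (name,)).items():
                merged.setdefault(k, v)
        else:
            merged[key] = value
    return merged

def classify(text):
    """Map each conn to 'template' (an end is %any) or 'permanent'."""
    conns = parse_conns(text)
    kinds = {}
    for name in conns:
        cfg = resolve(conns, name)
        wildcard = "%any" in (cfg.get("left"), cfg.get("right"))
        kinds[name] = "template" if wildcard else "permanent"
    return kinds

if __name__ == "__main__":
    print(classify(SAMPLE_CONF))
```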