[Openswan Users] IPsec+L2TP connects the first time. Then doesn't...

Troy Telford ttelford.groups at gmail.com
Mon Sep 20 18:44:44 EDT 2010

On 2010-09-20 16:01:20 -0600, Troy Telford said:

> On 2010-09-15 11:29:16 -0600, Paul Wouters said:
>> On Tue, 14 Sep 2010, Troy Telford wrote:
>>> in my ipsec.conf:
>>> I had:
>>> rightprotoport=17/1701
>>> I needed:
>>> rightprotoport=17/0
>> You should probably actually have 17/%any
> I've tried 17/%any, however when I have 17/%any, I can only connect the 
> first time; subsequent attempts fail.  17/0, however, does work.

I feel a need to clarify:  IPsec connects and seems to be working with 
17/%any and 17/0.  With either setting, I get "IPsec SA established 
transport mode" whenever I connect - which tells me the IPsec part is 

However, for some reason xl2tpd won't connect after the first 
connection is made (and/or broken) if I use 17/%any.  If I have 17/0, 
then xl2tpd will connect each time.

It may be my client; I use OS X 10.6's built-in L2TP client, and use 
certificates to authenticate.

Oddly enough:  With an iOS device (ie. my iPhone) and IPsec + PSK 
(since the iPhone can't do certificates and L2TP), 17/%any works fine, 
time after time.

> Is there any particular disadvantage to using 17/0 ?  (Because 17/%any 
> just isn't working for me...)
Troy Telford

More information about the Users mailing list