[Openswan Users] Connecting to IPSec/L2tp with OpenSwan/xl2tpd from Windows7 to Amazon EC2
Noam Singer
singern at gmail.com
Fri Jul 13 16:27:14 EDT 2012
Thanks Willie,
I tried but unfortunately this did not resolve the issue.
I followed the instructions from the link you have sent.
I later used the following connection configuration:
conn connRW48
    rightsubnet=vhost:%no,%priv
    type=transport
    authby=secret
    pfs=no
    rekey=no
    ikelifetime=8h
    keylife=1h
    forceencaps=yes
    leftprotoport=17/1701
    #left=10.117.59.224
    left=%defaultroute
    #leftid=@ip-10-117-59-224.ec2.internal
    leftid=23.21.84.48
    leftsourceip=23.21.84.48
    rightprotoport=17/1701
    right=%any
    auto=ignore
But I am still getting the error:
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: the peer proposed: 23.21.84.48/32:17/1701 -> 192.168.2.103/32:17/1701
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: peer proposal was reject in a virtual connection policy because:
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: peer proposal was reject in a virtual connection policy because:
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: cannot respond to IPsec SA request because no connection is known for 23.21.84.48/32===10.117.59.224[23.21.84.48,+S=C]:17/1701...85.178.143.82[192.168.2.103,+S=C]:17/1701===192.168.2.103/32
Which seems strange to me as the result from running 'ipsec auto --status' is:
000 "connRW48": 23.21.84.48/32===10.117.59.224<10.117.59.224>[23.21.84.48,+S=C]:17/1701...%virtual[+S=C]:17/1701===?; unrouted; eroute owner: #0
Also, the error line "a private network virtual IP was required, but
the proposed IP did not match our list (virtual_private=)" was
observed in the logs only after I added the leftsourceip=23.21.84.48
Thanks
On Fri, Jul 13, 2012 at 6:20 PM, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> On 7/13/2012 6:24 AM, Noam Singer wrote:
>>
>> Hi all,
>>
>> I am trying to connect from my Windows7 at home to my OpenSwan/xl2tpd
>> setup on an Ubuntu EC2 instance at Amazon
>
>
> You probably need forceencaps=yes
> See here: https://www.openswan.org/projects/openswan/wiki/Amazon_EC2_example
--
Noam Singer
Home-page: https://sites.google.com/site/singern/Home
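
Added example, not part of the original message or of Openswan: a small Python diagnostic that reads the "the peer proposed" log entry quoted above and tests the peer's proposed address against a `virtual_private=` value written in Openswan's `%v4:` syntax. The matching rule is a simplified model (an assumption, not pluto's code), and the RFC 1918 list in the demo loop is a constructed value; the log prints the server's own list as `virtual_private=` with nothing after it.

```python
import ipaddress
import re

# Constructed sample: the pluto log entry from the message, unwrapped to one line.
SAMPLE_LOG = (
    'Jul 13 19:21:22 ip-10-117-59-224 pluto[10673]: "connRW48"[2] 85.178.143.82 #1: '
    'the peer proposed: 23.21.84.48/32:17/1701 -> 192.168.2.103/32:17/1701'
)

PROPOSAL_RE = re.compile(
    r'the peer proposed: (?P<ours>[\d.]+/\d+):\d+/\d+ -> (?P<theirs>[\d.]+/\d+):\d+/\d+'
)

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 network lists."""
    allowed, excluded = [], []
    for item in filter(None, (s.strip() for s in value.split(','))):
        family, _, net = item.partition(':')
        if family != '%v4':          # this sketch handles IPv4 entries only
            continue
        if net.startswith('!'):      # "%v4:!net/mask" marks an excluded range
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded

def peer_subnet(log_line):
    """Return the subnet the peer proposed for itself, or None if the line has none."""
    m = PROPOSAL_RE.search(log_line)
    return ipaddress.ip_network(m.group('theirs')) if m else None

def priv_accepts(log_line, virtual_private):
    """Simplified model of the %priv test (assumption): the proposed peer subnet
    must lie inside an allowed network and outside every excluded one."""
    subnet = peer_subnet(log_line)
    if subnet is None:
        return False
    allowed, excluded = parse_virtual_private(virtual_private)
    if any(subnet.subnet_of(n) for n in excluded):
        return False
    return any(subnet.subnet_of(n) for n in allowed)

if __name__ == '__main__':
    # Empty list as printed in the log, then a constructed RFC 1918 list.
    for vp in ('', '%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16'):
        print(repr(vp), '->', priv_accepts(SAMPLE_LOG, vp))
```
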