[Openswan Users] Openswan error message glossary

Erich Titl erich.titl at think.ch
Wed Oct 17 18:34:27 EDT 2012


on 17.10.2012 23:00, dan.cave at me.com wrote:
> Is there a glossary of error messages and what they mean/relate to or
> syntax /cause for openswan when using ipsec an xl2tpd /related
> configurations which users can refer to along with stock examples of
> known configs 
> I know that the book has someone of the latter but i would be really
> interested to see a comprehensive list of setups  which users have,
> inter portability/operability and know what works.. Also understanding
> what the errors mean relating to either config etc.. I think it would
> enrich peoples understanding of ipsec an xl2tpd. I realise that its
> never possible to have all configs but if someone is trying to setup
> android/ios(apple) connectivity for road warrior or supporting ipsec
> between sites and supporting Voip over this config...

You are perfectly right, in my case I lacked the understanding of how
and _why_ ipsec and l2tp was related and why anyone would implement
that, well, absurdity.

IMHO one needs to understand the interaction of these 2 protocol suites.
I found something in an old (perished) strongswan document which showed
the tunnels inside each other.

The IPSec part just provides the tunnel authentication and encryption
frunctionality whereas l2tp provides the M$ access stuff. It would not
be necessary on a different platform, but the integrators of IOS and
Android apparently just left out pure IPSec.

Also I was lacking information on the significance of some of the
parameters passed to the connection description, in my case I appear not
to need that, as I am not passing that traffic to a l2tp implementation
on the same host.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1877 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.openswan.org/pipermail/users/attachments/20121018/47376e9b/attachment.p7s>

More information about the Users mailing list