[Openswan Users] Infamous "Error 789"

Tom Robinson tom.robinson at motec.com.au
Wed Dec 17 07:15:38 EST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

openswan-2.6.33-1
CentOS release 5.11 (Final)
xl2tpd-1.2.7-1

Hi All,

I have had a handful of roadwarrior/L2TP style VPN connections working
for about three years. Now I get a few of them seeing this "Error
789". This error is killing connections from Windows 7 before they
have a chance to even connect to the server! Trying to work out the
solution is also killing me!

I believe that this is a client (Windows 7) issue. The connections are
'Road Warrior' connections. Some people can still connect but a couple
of others can't.

I'm hoping that someone will just chip in here and tell me that
Windows 7 Update blah blah causes this issue; fix it like this...

Just so you know, we issue certificates for 365 days and I have
checked the expiry dates on the certificates on the troublesome
connections. They are still valid. I've also re-installed the certs
and, for one client, re-issued a new certificate. Still nothing works.

I also tried to connect with a 'bogus' Pre-Shared-Key configured on
Windows 7 to see if the VPN traffic at least made it to the server.
Nope! It failed with "Error 789".

I also tried to connect using PPTP configured on Windows 7. I finally
saw some traffic on the server but, since I don't run a pptp daemon,
no connection was possible. At least I know that the traffic gets through.

Anyone have any clues at all where I might look next? I'm completely
stumped on this.

Kind regards,
Tom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlSRc+YACgkQTTfAzopMt6dWXwCfS91njcjEQu7PWKpYOijIjiTJ
FkoAn3QjuMylccUnY/dvpwpXPk/ntyi0
=n7Jd
-----END PGP SIGNATURE-----


More information about the Users mailing list