[strongSwan] Basic Setup

Martin Willi martin at strongswan.org
Mon Nov 24 10:48:29 CET 2014


Hi,

> I want to set up a L2TP/IPSec server on Ubuntu 14.04, [...] but for now
> just trying to get Windows going

> conn rw
>         left=192.168.1.17
>         leftid=@moon.strongswan.org
>         leftsubnet=10.1.0.0/16
>         leftauth=psk
>         leftfirewall=yes
>         right=%any
>         rightsourceip=10.3.0.0/24
>         rightauth=psk
>         rightauth2=xauth
>         auto=add

L2TP/IPsec uses L2TP to create the tunnel, but uses IPsec in transport
mode to secure it. strongSwan can provide the IPsec bits only; for the
L2TP part you'll have to use different software. For such a
connection, you'd just protect the L2TP traffic on a single port in
transport mode; there is no XAuth involved for most clients.

If you have Windows 7 clients or newer only, I'd instead recommend
using plain IPsec with IKEv2. You won't need an L2TP daemon, and the
protocol can handle NAT etc. much better. Please refer to [1] for a
configuration guide for IKEv2 with Windows.

> 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
> 10[IKE] no peer config found

> I could be wrong, but I think the problem is "no peer config found" ->
> but it's in the file, no?

It is, but it doesn't match. Your client requests pre-shared key
authentication, but your configuration uses XAuth/PSK.

Regards
Martin

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
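
An added illustration, not part of the original message: the quoted `conn rw` narrowed to what the reply describes for L2TP/IPsec, meaning plain PSK on both sides with no XAuth round, transport mode, and only the L2TP port protected. The conn name, `keyexchange=ikev1`, the `type` and `*protoport` lines, and UDP port 1701 as the L2TP port are assumptions not stated in the thread; the L2TP daemon itself is separate software.

```conf
# /etc/ipsec.conf (sketch; names and selectors are assumptions, see above)

# As quoted in the question: the server demands PSK followed by XAuth,
# so a client that offers plain pre-shared key authentication finds
# no matching peer config ("no peer config found").
#
# conn rw
#         rightauth=psk
#         rightauth2=xauth
#         rightsourceip=10.3.0.0/24
#         leftsubnet=10.1.0.0/16

# Narrowed for L2TP/IPsec: PSK only, transport mode, L2TP port only.
conn l2tp-psk
        keyexchange=ikev1          # assumption: L2TP/IPsec clients negotiate with IKEv1
        type=transport             # IPsec only secures the L2TP packets
        left=192.168.1.17
        leftauth=psk
        leftprotoport=17/1701      # UDP (protocol 17), assumed L2TP port 1701
        right=%any
        rightauth=psk              # no rightauth2=xauth
        rightprotoport=17/%any     # client source port may vary
        auto=add
        # No rightsourceip or leftsubnet here: in this setup addresses are
        # handed out inside the L2TP/PPP session, not by strongSwan.

# /etc/ipsec.secrets needs a matching entry (placeholder value):
#   : PSK "<pre-shared-key>"
```

After reloading, the line `looking for pre-shared key peer configs matching ...` in the log should be followed by a selected peer config instead of `no peer config found`.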