[strongSwan] Basic Setup

Morris, Russell rmorris at rkmorris.us
Mon Nov 24 23:48:59 CET 2014

Thanks for the help and info - much appreciated!

I was confused, as I found somewhere on the internet someone saying that strongSwan also did the L2TP part, but what you say makes much more sense.

Thanks again.

-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: Monday, November 24, 2014 3:48 AM
To: Morris, Russell
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Basic Setup


> I want to set up a L2TP/IPSec server on Ubuntu 14.04, [...] but for now
> just trying to get Windows going

> conn rw
>         left=
>         leftid=@moon.strongswan.org
>         leftsubnet=
>         leftauth=psk
>         leftfirewall=yes
>         right=%any
>         rightsourceip=
>         rightauth=psk
>         rightauth2=xauth
>         auto=add

L2TP/IPsec uses L2TP to create the tunnel, but uses IPsec in transport
mode to secure it. strongSwan can provide the IPsec bits only; for the
L2TP part you'll have to use different software. For such a
connection, you'd just protect the L2TP traffic on a single port in
transport mode; there is no XAuth involved for most clients.

If you have Windows 7 clients or newer only, I'd instead recommend
using plain IPsec with IKEv2. You won't need an L2TP daemon, and the
protocol can handle NAT etc. much better. Please refer to [1] for a
configuration guide for IKEv2 with Windows.

> 10[CFG] looking for pre-shared key peer configs matching[]
> 10[IKE] no peer config found

> I could be wrong, but I think the problem is "no peer config found" ->
> but it's in the file, no?

It is, but it doesn't match. Your client requests pre-shared key
authentication, but your configuration uses XAuth/PSK.
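
Added example, not part of the original thread or of strongSwan's own documentation: a sketch of an ipsec.conf connection for the transport-mode, PSK-only setup described above, shown beside the reason the posted conn did not match. The conn name l2tp-psk and the use of %any for both endpoints are assumptions; the L2TP daemon itself has to be configured separately.

```conf
# /etc/ipsec.conf (illustrative fragment)
conn l2tp-psk
        # The built-in Windows L2TP/IPsec client negotiates IKEv1.
        keyexchange=ikev1
        # Transport mode: IPsec only protects the L2TP packets between
        # the two hosts; L2TP/PPP carries the inner traffic and assigns
        # the client address, so no leftsubnet/rightsourceip here.
        type=transport
        # Assumption: accept on any local address.
        left=%any
        leftauth=psk
        # Protect only UDP (protocol 17) port 1701, the L2TP port.
        leftprotoport=17/1701
        right=%any
        # Plain pre-shared key on both sides. The posted conn also had
        # rightauth2=xauth, which makes it an XAuth/PSK config, so a
        # client proposing plain PSK finds no matching peer config.
        rightauth=psk
        # Clients may use any UDP source port for L2TP.
        rightprotoport=17/%any
        auto=add
# The pre-shared key itself is defined in /etc/ipsec.secrets.
```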


