[strongSwan] Basic Setup
Morris, Russell
rmorris at rkmorris.us
Mon Nov 24 23:48:59 CET 2014
Thanks for the help and info - much appreciated!
I was confused, as I found somewhere on the internet someone saying that strongSwan also did the L2TP part, but what you say makes much more sense.
Thanks again.
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: Monday, November 24, 2014 3:48 AM
To: Morris, Russell
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Basic Setup
Hi,
> I want to set up a L2TP/IPSec server on Ubuntu 14.04, [...] but for now
> just trying to get Windows going
> conn rw
>     left=192.168.1.17
>     leftid=@moon.strongswan.org
>     leftsubnet=10.1.0.0/16
>     leftauth=psk
>     leftfirewall=yes
>     right=%any
>     rightsourceip=10.3.0.0/24
>     rightauth=psk
>     rightauth2=xauth
>     auto=add
L2TP/IPsec uses L2TP to create the tunnel, but uses IPsec in transport
mode to secure it. strongSwan can provide the IPsec bits only; for the
L2TP part you'll have to use different software. For such a
connection, you'd just protect the L2TP traffic on a single port in
transport mode; there is no XAuth involved for most clients.
If you have Windows 7 clients or newer only, I'd instead recommend
using plain IPsec with IKEv2. You won't need an L2TP daemon, and the
protocol can handle NAT etc. much better. Please refer to [1] for a
configuration guide for IKEv2 with Windows.
> 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
> 10[IKE] no peer config found
> I could be wrong, but I think the problem is "no peer config found" ->
> but it's in the file, no?
It is, but it doesn't match. Your client requests pre-shared key
authentication, but your configuration uses XAuth/PSK.
Regards
Martin
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
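
Added example, not part of the original messages: an ipsec.conf connection along the lines of the reply above, protecting only L2TP traffic on UDP port 1701 in transport mode with plain PSK authentication and no XAuth. The connection name, the IKEv1 setting, the port selectors and the placeholder secret are assumptions; the address is taken from the quoted configuration.

```conf
# /etc/ipsec.conf -- added example, not from the original thread.
# The shared secret goes in /etc/ipsec.secrets (separate file), e.g.:
#   : PSK "REPLACE_WITH_SHARED_SECRET"
# The L2TP daemon itself is separate software and is not configured here.

conn l2tp-psk                  # hypothetical connection name
    keyexchange=ikev1          # assumption: the client's L2TP/IPsec stack uses IKEv1
    type=transport             # transport mode instead of the default tunnel mode
    left=192.168.1.17
    leftprotoport=17/1701      # protocol 17 (UDP), L2TP port 1701 only
    leftauth=psk
    right=%any
    rightprotoport=17/%any     # client source port may differ from 1701
    rightauth=psk              # single PSK round; no rightauth2=xauth
    auto=add
```

Compared with the quoted `conn rw`, the tunnel-mode options `leftsubnet` and `rightsourceip` are gone, since address assignment in this setup is left to the L2TP/PPP layer rather than to IPsec.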