[strongSwan] Config to make it work with "Use certificate for authentication" L2TP option of windows

RA ss17 at fea.st
Tue Oct 24 07:48:31 CEST 2017


I was able to configure strongswan + xl2tpd to make windows in-built VPN
client connect to it using:

1) Plain L2TP (directly to xl2tpd)
2) L2TP/IPSec with PSK (after creating some IPtables rules for xl2tpd)

Now as we know PSK isn't very secure, I intend to use other
authentication method provided for IPSec/L2TP in windows VPN client:  
"Use certificate for authentication".  As the interface says, it
probably tries to work like the XAUTH/Hybrid mode of Android by
validating the certificate provided by server. But when I select this
mode in windows instead of PSK, the client tries to connect only to port
1701 directly instead of 500, 4500 etc. And as direct access to xl2tpd
is prevented by firewall, the connection doesn't work.

Is there any workaround for this, short of recommending IKEv2 instead of

Thanks & Regards.

More information about the Users mailing list