[strongSwan] Strongswan on Ubuntu - Failure to connect from Windows 10 client -error: deleting half open IKE_SA with 154.**.***.** after timeout

Tom Rymes trymes at rymes.com
Tue Feb 19 13:31:39 CET 2019

> On Feb 19, 2019, at 7:07 AM, IL Ka <kazakevichilya at gmail.com> wrote:
> 1701 is L2TP port.
> It could be that Windows client tries several protos including PPTP/GRE, L2TP and so on.
> What do you see on Windows side? Which error?



I think your instructions for configuring the connection in windows are incomplete. As pointed out above, Windows is configured to use a VPN of type “auto”, so it throws everything at the server until something works.

Go back into Network and Sharing Center and click edit adapter settings on the left side. Get properties for the VPN connection you are using and set it to a type of IKE2 and configure it to use machine certificates, assuming that’s how you intend to authenticate (is it?).

Also, when windows fails to connect, it’s giving you an error. Multiple folks have asked what it is, but I don’t think you’ve answered them. That would be helpful.

Lastly, rather than build your own server from scratch, you may want to consider using a firewall distribution like IPFire, or a project like Algo that makes the configuration far simpler.


More information about the Users mailing list