[Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)

Paul Wouters paul at nohats.ca
Fri May 8 22:59:12 EEST 2015

On Fri, 8 May 2015, Bob Miller wrote:

>>> Yes it does. But you should really try to not start L2TP/IPsec
>>> deployments anymore. That's really 1999.
>>> You should use IKEv2 or IKEv1 XAUTH ("Cisco IPsec mode")
>>> The only client I know that does not support that without third party
>>> clients is WinXP.
> I am looking for documentation on how to set up xauth without a 3rd party
> client in Windows 7/8, but everything I come across says I still need the
> shrewsoft client.  Am I missing something?

I think for Win7 and up, the only native support is IKEv2.

You can configure libreswan with both an ikev2 and an ikev1-xauth
connection if you want to support both Win7 and, say, iOS.

Tuomo (or Antony) might have some screenshots or instructions on how to
configure Win7 using Machine Certificate (no EAP) that we should add to
the wiki.
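
Added example, not part of the original message and not the libreswan project's own configuration: a sketch of an ipsec.conf carrying both an IKEv2 machine-certificate connection and an IKEv1 XAUTH connection side by side, as the reply describes. It assumes libreswan 3.x keywords (contemporary with this 2015 thread) and PSK group authentication for the XAUTH side; the connection names, address, ID, certificate nickname and address pools are constructed placeholders.

```conf
# /etc/ipsec.conf fragment (added example; all values are placeholders)

# Win7 and later: native IKEv2 with a machine certificate, no EAP
conn win7-ikev2
    # refuse IKEv1 on this connection
    ikev2=insist
    authby=rsasig
    left=192.0.2.1
    leftid=@vpn.example.com
    # nickname of the server certificate in the NSS database
    leftcert=vpn.example.com
    leftsendcert=always
    leftrsasigkey=%cert
    leftsubnet=0.0.0.0/0
    right=%any
    rightrsasigkey=%cert
    # only accept client certificates issued by the server's own CA
    rightca=%same
    rightaddresspool=10.10.1.10-10.10.1.250
    narrowing=yes
    rekey=no
    auto=add

# iOS "Cisco IPsec mode": IKEv1 with XAUTH and mode config
conn ios-ikev1-xauth
    # never negotiate IKEv2 on this connection
    ikev2=never
    # group PSK is read from /etc/ipsec.secrets
    authby=secret
    left=192.0.2.1
    leftsubnet=0.0.0.0/0
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightxauthclient=yes
    rightmodecfgclient=yes
    # pool must not overlap the IKEv2 pool above
    rightaddresspool=10.10.2.10-10.10.2.250
    modecfgpull=yes
    # per-user passwords are checked against /etc/ipsec.d/passwd
    xauthby=file
    rekey=no
    auto=add
```

Both connections use `auto=add` so the server only responds to incoming clients; keyword spellings for the IKE version selection differ in later libreswan releases, so check `man ipsec.conf` for the installed version.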