[Swan] we require peer to have ID 'A', but peer declares 'B'
ukindyfan
ukindyfan at gmail.com
Fri Jan 22 04:45:05 UTC 2016
I am attempting to set up a VPN client connection with a network that, of
course, runs windows at work. They use L2TP over IPsec. So, I am getting
the above error. 'A' is the server "right" address I have set up in my
ipsec.conf. "B" is my public-facing IP address. I have googled for an
answer to this for 2+ hours now. All the folks who have this error are
either trying to connect two machines that they have control over, or there
are getting some other unexplained value for "B" that is not their public
IP. So, here I am. :D
Here is my ipsec.conf
config setup
protostack=netkey
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:
10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
plutoopts=“--interface=wlan0”
# Add connections here
conn L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=yes
ikelifetime=8h
keylife=1h
type=transport
left=192.168.x.x <--- my local home ip address for this machine; I
get different errors if I try my public IP here
leftsubnet=192.168.0.0/24 <--- have also commented this out and
still get "we require" errors
leftnexthop=%defaultroute <---- have tried B address here and
still get the same errors
leftprotoport=17/1701
right="A" <-------- address for the work VPN is here; I have also
tried the actual "name" and get same error.
rightnexthop=%defaultroute <---- have tried B address here and still
get same errors
It is almost like libreswan/ipsec is trying to connect with my ISP (that my
public address belongs to) and is never attempting to go beyond the ISP to
find the "right" site.
I would ask for more help there, but they only support windows, even though
they give directions for unsupported apple users. Other folks I work with
use the same ISP, but also run Windows, and they do not encounter these
issues, so I must have something set up wrong.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160121/59f93d70/attachment.html>
More information about the Swan
mailing list