[Swan] we require peer to have ID 'A', but peer declares 'B'

ukindyfan ukindyfan at gmail.com
Fri Jan 22 04:45:05 UTC 2016


I am attempting to set up a VPN client connection with a network that, of
course, runs Windows at work.  They use L2TP over IPsec.  So, I am getting
the above error.  'A' is the server "right" address I have set up in my
ipsec.conf.  "B" is my public-facing IP address. I have googled for an
answer to this for 2+ hours now.  All the folks who have this error are
either trying to connect two machines that they have control over, or they
are getting some other unexplained value for "B" that is not their public
IP.  So, here I am.  :D

Here is my ipsec.conf

config setup

    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
    plutoopts="--interface=wlan0"

# Add connections here

conn L2TP-PSK
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        rekey=yes
        ikelifetime=8h
        keylife=1h
        type=transport
        left=192.168.x.x  <--- my local home ip address for this machine; I get different errors if I try my public IP here
        leftsubnet=192.168.0.0/24    <--- have also commented this out and still get "we require" errors
        leftnexthop=%defaultroute   <---- have tried B address here and still get the same errors
        leftprotoport=17/1701
        right="A"   <-------- address for the work VPN is here; I have also tried the actual "name" and get same error.
        rightnexthop=%defaultroute   <---- have tried B address here and still get same errors

It is almost like libreswan/ipsec is trying to connect with my ISP (that my
public address belongs to) and is never attempting to go beyond the ISP to
find the "right" site.

I would ask for more help there, but they only support Windows, even though
they give directions for unsupported Apple users.  Other folks I work with
use the same ISP, but also run Windows, and they do not encounter these
issues, so I must have something set up wrong.

Thanks!