[Swan] we require peer to have ID 'A', but peer declares 'B'

Paul Wouters paul at nohats.ca
Sun Jan 24 19:30:52 UTC 2016

On Thu, 21 Jan 2016, ukindyfan wrote:

> I am attempting to set up a VPN client connection with a network that, of course, runs windows at work.  They use L2TP over IPsec.  So, I am getting the above error.  'A' is the server
> "right" address I have set up in my ipsec.conf.  "B" is my public-facing IP address. I have googled for an answer to this for 2+ hours now.  All the folks who have this error are either
> trying to connect two machines that they have control over, or there are getting some other unexplained value for "B" that is not their public IP.  So, here I am.  :D

> conn L2TP-PSK
>         authby=secret 
>         pfs=no 
>         auto=add 
>         keyingtries=3 
>         dpddelay=30 
>         dpdtimeout=120 
>         dpdaction=clear 
>         rekey=yes 
>         ikelifetime=8h 
>         keylife=1h 
>         type=transport 
>         left=192.168.x.x  <--- my local home ip address for this machine; I get different errors if I try my public IP here
>         leftsubnet=    <--- have also commented this out and still get "we require" errors
>         leftnexthop=%defaultroute   <---- have tried B address here and still get the same errors
>         leftprotoport=17/1701
>         right="A"   <-------- address for the work VPN is here; I have also tried the actual "name" and get same error.
>     rightnexthop=%defaultroute   <---- have tried B address here and still get same errors

You should set rightid= to whatever the windows end is sending you.


More information about the Swan mailing list