[Swan] upgrade to 3.18 broke roadwarrior connection
Paul Wouters
paul at nohats.ca
Fri Nov 25 15:03:00 UTC 2016
Swap your leftprotoport and rightprotoport values.
So use 17/1701 for the libreswan end and 17/%any for the other end.
Paul
Sent from my iPhone
> On Nov 25, 2016, at 09:31, Charles D. Van Dusen <charlie at im-design.net> wrote:
>
> Hi All,
>
> I have recently upgraded libreswan from 3.13 to 3.18 on my raspberry pi3.
>
> I am now getting the following message when I try to connect a roadwarrior vpn:
>
> “031 "L2TP-PSK": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)”
>
> Here is my /etc/ipsec.d/l2tp-psk.conf file:
>
> root at raspberrypi:/etc/ipsec.d# more l2tp-psk.conf
> conn L2TP-PSK
> authby=secret
> pfs=no
> auto=add
> keyingtries=3nect
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
> narrowing=no
> rekey=yes
> ike=3des-sha1;modp2048
> ikelifetime=8h
> keylife=1h
> type=transport
> left=%defaultroute
> leftnexthop=%defaultroute
> leftprotoport=17/%any
> rightprotoport=17/1701
> right=A.B.C.D
>
> The vpn server is a ubiquiti edge router to which I have successfully connected this same rpi3 with an earlier version of libreswan. I also connect laptops, phones, and tablets of all varieties to this same VPN server using ipsec/l2tp.
>
> Can anyone help me figure out what I need to do to get this tunnel to connect for this rpi3?
>
> TIA
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20161125/faba2d7b/attachment.html>
More information about the Swan
mailing list