[Swan] upgrade to 3.18 broke roadwarrior connection

Paul Wouters paul at nohats.ca
Fri Nov 25 15:03:00 UTC 2016


Swap your leftprotoport and rightprotoport values.

So use 17/1701 for the libreswan end and 17/%any for the other end.

Paul

Sent from my iPhone

> On Nov 25, 2016, at 09:31, Charles D. Van Dusen <charlie at im-design.net> wrote:
> 
> Hi All,
>  
> I have recently upgraded libreswan from 3.13 to 3.18 on my raspberry pi3.
>  
> I am now getting the following message when I try to connect a roadwarrior vpn:
>  
> “031 "L2TP-PSK": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)”
>  
> Here is my /etc/ipsec.d/l2tp-psk.conf file:
>  
> root at raspberrypi:/etc/ipsec.d# more l2tp-psk.conf
> conn L2TP-PSK
>         authby=secret
>         pfs=no
>         auto=add
>         keyingtries=3nect
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=clear
>         narrowing=no
>         rekey=yes
>         ike=3des-sha1;modp2048
>         ikelifetime=8h
>         keylife=1h
>         type=transport
>         left=%defaultroute
>         leftnexthop=%defaultroute
>         leftprotoport=17/%any
>         rightprotoport=17/1701
>         right=A.B.C.D
>  
> The vpn server is a ubiquiti edge router to which I have successfully connected this same rpi3 with an earlier version of libreswan. I also connect laptops, phones, and tablets of all varieties to this same VPN server using ipsec/l2tp.
>  
> Can anyone help me figure out what I need to do to get this tunnel to connect for this rpi3?
>  
> TIA
>  
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20161125/faba2d7b/attachment.html>


More information about the Swan mailing list