[Swan] Windows 10 client to libreswan VPN server: CHILD SA: no local proposal matches remote proposals

Paul Wouters paul at nohats.ca
Sun Jan 9 21:42:19 EET 2022

On Sun, 9 Jan 2022, Mirsad Goran Todorovac wrote:

>>  That's because most likely your l2tp layer went through userland xl2tpd.
>>  it can be configured to use kernel l2tp.ko but that usually has issues.
> I have tried to deploy kernel mode L2TP, but I failed. What I get from xl2tpd 
> is:

xl2tpd has not been well maintained in the last 10 years. They have
repeatedly broken things and accepted untested patches that solve one
user's problem, without having a test suite.

I wouldn't attempt to try xl2tpd anymore. And there are no other better
l2tp daemons either - openl2tp also had issues.

> I think I could write a paper on this comparison if I manage to get both 
> protocols IKEv1 and IKEv2 running under same conditions?

The comparison can really just say "l2tp kernel supposedly faster but
has been abandoned and sees no real use cases anymore and does not work
out of the box".


More information about the Swan mailing list