# openswan client cannot connect

## Princess Nell

Can't get this quite right - any idea what I need to change? I have full control over the server as well, if any changes are required there.

All certs, including CA, were created with a slightly modified version of the easy-rsa scripts that come with openvpn.

```
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: initiating Main Mode
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: ignoring unknown Vendor ID payload [4f457e717f6b5a4e727d576b]
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: received Vendor ID payload [Dead Peer Detection]
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: received Vendor ID payload [RFC 3947] method set to=109
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: I am sending my cert
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: I am sending a certificate request
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: IKEv2 Vendor ID payload received but not supported in this version
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: received Vendor ID payload [CAN-IKEv2]
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: Main mode peer ID is ID_FQDN: '@server.host.net'
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: no crl from issuer "C=XX, ST=XX, L=XX, O=XX Inc., OU=XX, CN=XX Inc. CA, N=First Last , E=caadmin@company.net" found (strict=no)
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: we require peer to have ID 'C=XX, ST=XX, L=XX, O=XX Inc., OU=XX, CN=server/host.net, N=First Last, E=caadmin@company.net', but peer declares '@server.host.net'
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: sending encrypted notification INVALID_ID_INFORMATION to <server.ip>:4500
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: received 1 malformed payload notifies
Aug 15 21:34:27 client pluto[1696]: "L2TP-CERT-CLIENT": terminating SAs using this connection
Aug 15 21:34:27 client pluto[1696]: "L2TP-CERT-CLIENT" #1: deleting state (STATE_MAIN_I3)
```

I don't understand the problem - is it a configuration problem or is there something wrong with the generated certs?

Here's the client config:

```
conn L2TP-CERT-CLIENT
        authby=rsasig
        pfs=no
        rekey=yes
        keyingtries=1
        type=transport
        left=%defaultroute
        leftcert=/etc/ipsec.d/client.cert.pem
        leftrsasigkey=%cert
        leftprotoport=udp/l2tp
        right=server.ip
        rightcert=/etc/ipsec.d/certs/server.cert.pem
        rightrsasigkey=%cert
        rightprotoport=udp/1701
        auto=add
```

This is on stable with openswan 2.4.15-r2.

----------

## redagadir

Something's probably wrong with your SSL certificate:

```
we require peer to have ID 'C=XX, ST=XX, L=XX, O=XX Inc., OU=XX, CN=server/host.net, N=First Last, E=caadmin@company.net', but peer declares '@server.host.net'
```

----------
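The log line quoted in the reply above can be taken apart mechanically to show which ID the connection expects, which ID the peer declared, and whether the certificate CN matches the declared name. This is an added example, not part of either post and not Openswan code; the function names and the ID-type heuristic are assumptions, and the sample lines are copied from the log in this thread.

```python
import re

# Sample input: the two relevant lines from the log posted in this thread.
SAMPLE_LOG = """\
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: Main mode peer ID is ID_FQDN: '@server.host.net'
Aug 15 21:34:02 client pluto[1696]: "L2TP-CERT-CLIENT" #1: we require peer to have ID 'C=XX, ST=XX, L=XX, O=XX Inc., OU=XX, CN=server/host.net, N=First Last, E=caadmin@company.net', but peer declares '@server.host.net'
"""

# pluto's wording for a peer ID that differs from the one the conn expects.
MISMATCH = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: we require peer to have ID '
    r"'(?P<expected>.*)', but peer declares '(?P<declared>.*)'")

def id_kind(ident):
    """Heuristic (assumption): guess the IKE ID type from how the ID is written."""
    if ident.startswith("@"):
        return "ID_FQDN"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", ident):
        return "ID_IPV4_ADDR"
    if re.search(r"(?:^|,\s*)(?:C|ST|L|O|OU|CN)=", ident):
        return "ID_DER_ASN1_DN"  # tested before '@': a DN may carry E=user@host
    return "ID_USER_FQDN" if "@" in ident else "unknown"

def cn_of(dn):
    """Return the CN component of a comma-separated DN string, or None."""
    m = re.search(r"(?:^|,\s*)CN=([^,]+)", dn)
    return m.group(1).strip() if m else None

def find_id_mismatches(log_text):
    """Return one dict per ID-mismatch line: conn name, ID kinds and cert CN."""
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        expected, declared = m["expected"], m["declared"]
        findings.append({
            "conn": m["conn"],
            "expected_kind": id_kind(expected),
            "declared_kind": id_kind(declared),
            "cert_cn": cn_of(expected),
            # Compare the CN with the declared name minus its leading '@'.
            "cn_equals_declared": cn_of(expected) == declared.lstrip("@"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_id_mismatches(SAMPLE_LOG):
        print(finding)
```

For the posted log this reports a distinguished-name ID expected against an FQDN ID declared, and a CN of `server/host.net` that is not equal to `server.host.net`.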

