<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:x =
"urn:schemas-microsoft-com:office:excel" xmlns:p =
"urn:schemas-microsoft-com:office:powerpoint" xmlns:a =
"urn:schemas-microsoft-com:office:access" xmlns:dt =
"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s =
"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs =
"urn:schemas-microsoft-com:rowset" xmlns:z = "#RowsetSchema" xmlns:b =
"urn:schemas-microsoft-com:office:publisher" xmlns:ss =
"urn:schemas-microsoft-com:office:spreadsheet" xmlns:c =
"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa =
"urn:schemas-microsoft-com:office:activation" xmlns:html =
"http://www.w3.org/TR/REC-html40" xmlns:q =
"http://schemas.xmlsoap.org/soap/envelope/" XMLNS:D = "DAV:" xmlns:x2 =
"http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois =
"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir =
"http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds =
"http://www.w3.org/2000/09/xmldsig#" xmlns:dsp =
"http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc =
"http://schemas.microsoft.com/data/udc" xmlns:xsd =
"http://www.w3.org/2001/XMLSchema" xmlns:sps =
"http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi =
"http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf =
"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf =
"http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver =
"http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels =
"http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t =
"http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m =
"http://schemas.microsoft.com/exchange/services/2006/messages"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16544" name=GENERATOR>
<STYLE>@font-face {
font-family: Calibri;
}
@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 72.0pt 72.0pt 72.0pt; }
P.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
FONT-SIZE: 11pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-compose
}
.MsoChpDefault {
mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=704070018-02112007><FONT face=Arial
color=#0000ff size=2>Well for starters your openswan ipsec.conf should have
left=192.168.1.65 not left=10.0.5.12, and should have
plutodebug=none.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Mark
Hayward<BR><B>Sent:</B> November 2, 2007 1:24 PM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> [Openswan Users] Problems, I think NAT
related<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN lang=EN-GB>Hi,<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>Please help me! <o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>Here is my setup:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>10.0.5.0/24
------10.0.5.12(OpenSwan)192.168.1.65-----192.168.1.254(speedtouch)</SPAN><SPAN
lang=EN-GB> </SPAN><SPAN
lang=EN-GB>86.148.87.91------------(Internet)--------80.102.114.86(IPCOP)192.168.3.149---------192.168.2.0/24<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>However, when I start the connection from
Openswan, I get the following from IPCOP logs:<o:p></o:p></SPAN></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>packet from 86.148.87.91:49179: initial Main Mode message
received on 80.102.114.86:500 but no connection has been authorized with
policy=PSK<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Am I receiving this error because the port that openswan is
sending from is 49179? Or is it down to some other problem? How would I fix
it?<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Here is the config from ipcop:<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><SPAN lang=EN-GB>config setup<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
interfaces="%defaultroute "<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
klipsdebug="none"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
plutodebug="none"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
plutoload=%search<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
plutostart=%search<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
uniqueids=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
nat_traversal=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.3.0/255.255.255.0,%v4:!192.168.4.0/255.255.254.0,%v4:!10.0.5.0/255.255.255.0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>conn %default<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
keyingtries=0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
disablearrivalcheck=no<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>conn manchester #RED<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
left=cardiffadmin.demon.co.uk<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftnexthop=%defaultroute<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftsubnet=192.168.2.0/255.255.254.0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
right=86.148.87.91<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightsubnet=10.0.5.0/255.255.255.0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightnexthop=%defaultroute<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftid="@80.102.114.86"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightid="@86.148.87.91"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha$<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
ikelifetime=1h<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
keylife=8h<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
aggrmode=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpddelay=30<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpdtimeout=120<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpdaction=restart<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
pfs=no<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
authby=secret<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
auto=start<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>My ipsec.secrets from IPcop looks like
this:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>@80.102.114.86 @86.148.87.91 : PSK
'password'<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 1pt; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; mso-element: para-border-div">
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN lang=EN-GB>Here is the config from the Openswan
box:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>version 2.0 #
conforms to second version of ipsec.conf specification<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB># basic
configuration<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>config setup<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# plutodebug / klipsdebug = "all", "none" or a combation from
below:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# "raw crypt parsing emitting control klips pfkey natt x509
private"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# eg:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# plutodebug="control parsing"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
#<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# Only enable klipsdebug=all if you are a developer<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
#<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# NAT-TRAVERSAL support, see README.NAT-Traversal<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
nat_traversal=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.5.0/24<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
#<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
# enable this if you see "failed to find any available
worker"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
nhelpers=0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
plutodebug="all"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
uniqueids=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB># Add connections
here<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>conn vpnserver<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
right=80.102.114.86<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightnexthop=%defaultroute<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightsubnet=192.168.2.0/255.255.254.0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
left=10.0.5.12<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftsubnet=10.0.5.0/255.255.255.0<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftnexthop=%defaultroute<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
leftid="@86.148.87.91"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
rightid="@80.102.114.86"<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
ike=aes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
esp=aes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
ikelifetime=1h<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
keylife=8h<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpddelay=30<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpdtimeout=120<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
dpdaction=restart<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
pfs=yes<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB>
authby=secret<o:p></o:p></SPAN></P>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 1pt; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; mso-element: para-border-div">
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB>My ipsec.secrets for openswan looks like
this:<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB>: PSK "password"<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: medium none; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 0cm; BORDER-BOTTOM: medium none"><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN lang=EN-GB><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
lang=EN-GB><o:p> </o:p></SPAN></P></DIV></BLOCKQUOTE></BODY></HTML>