<div>HI Paul,<br><br>I did as you said, but didn't work.<br>The client can't connect to server. If I remove<span style="font-family: monospace;"> </span>rekey=no it connect to server.<br><br>Any idea ?<br><br>Thanks.
<br><br>-- <br>Frederico Madeira<br><a href="mailto:fmadeira@gmail.com">fmadeira@gmail.com</a><br><a href="http://www.madeira.eng.br">www.madeira.eng.br</a>
<br>
<pre>-------- Mensagem encaminhada --------<br>De: Paul Wouters <<a href="mailto:paul@xelerance.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">paul@xelerance.com</a>><br>Para: Frederico Madeira <
<a href="mailto:fmadeira@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">fmadeira@gmail.com</a>><br>Cc: <a href="mailto:users@openswan.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
users@openswan.org</a><br>Assunto: Re: [Openswan Users] IP cache on ADSL Connections<br>Data: Thu, 8 Nov 2007 19:14:34 -0500 (EST)<br><br>On Thu, 8 Nov 2007, Frederico Madeira wrote:<br><br>> I added this parameter on both
ipsec.conf, after this the tunnel didn't came up.<br><br>the side with rekey=no needs to use auto=add, as it cannot start.<br><br>Paul<br><br>> I got this in logs<br>><br>> Nov 8 17:04:33 vpn pluto[12245]: packet from
<a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">189.70.198.203:500</a>:<br>> initial Main Mode message received on <a href="http://201.36.53.68:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
201.36.53.68:500</a> but no<br>> connection has been authorized<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> received Vendor ID payload [Dead Peer Detection]<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> received Vendor ID payload [RFC 3947] meth=109, but port floating is<br>> off<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,<br>> but port floating is off<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,<br>> but port floating is off<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,<br>> but port floating is off<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<br>> Nov 8 17:05:13 vpn pluto[12245]: packet from <a href="http://189.70.198.203:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
189.70.198.203:500</a>:<br>> initial Main Mode message received on <a href="http://201.36.53.68:500" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201.36.53.68:500</a> but no<br>> connection has been authorized
<br>><br>> Bellow my ipsec.conf:<br>><br>> config setup<br>> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br>> # klipsdebug=none<br>> # plutodebug="control parsing"
<br>> nat_traversal=yes<br>><br>> include /etc/ipsec.d/*.conf<br>><br>> conn client_to_server<br>> left=201.xx.xx.xx # Local vitals<br>> leftsubnet=<a href="http://192.168.10.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.10.0/24</a> #<br>> <a href="mailto:leftid=@vpn.server" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">leftid=@vpn.server</a> #<br>> leftrsasigkey=0sAQPMugwfC6uU.........
<br>> leftnexthop=201.xx.xx.Xx # correct in many situations<br>> right=<a href="http://host01.no-ip.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">host01.no-ip.org</a> # Remote vitals
<br>> rightsubnet=<a href="http://192.168.20.0/24" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.20.0/24</a> #<br>> <a href="mailto:rightid=@client.server" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
rightid=@client.server</a> #<br>> rightrsasigkey=0sAQOmxV.......<br>> rightnexthop=%defaultroute # correct in many situations<br>> auto=start # authorizes but doesn't start this
<br>> # connection at startup<br>><br>> Thanks.<br>><br>><br><br></pre>
<table cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td>
<table cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td>
<b><font color="#000000">Frederico Madeira</font></b><br>
<a href="mailto:fred@fonar.com.br" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">fred@fonar.com.br</a><br>
<i><font color="#000000">Wivox / Fonar </font></i><br>
Tel: 55 81.3313.0005<br>
<tt>Cel 55.81.9959.2534 </tt><tt><font color="#800000">(NOVO)</font></tt>
</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
</div>
<br clear="all"><br><br>