<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">OK...changed plutodebug=all to plutodebug none.<br><br>Here's my current ipsec.conf:<br><br># basic configuration<br>config setup<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12,%v4:!192.168.23.0/24<br> interfaces=%defaultroute<br> klipsdebug=none<br> plutodebug=none<br><br># Add connections here<br>conn DIR130-JON<br> # Left security gateway, subnet behind it, nexthop toward right.<br>
left=192.168.23.23<br> leftsubnet=192.168.23.0/24<br> leftnexthop=66.27.a.b<br> # Right security gateway, subnet behind it, nexthop toward left.<br> right=66.27.f.g<br> rightsubnet=192.168.99.0/24<br> keyexchange=ike<br> ikelifetime=480m<br> keylife=3600s<br> pfs=yes<br> compress=no<br> authby=secret<br> keyingtries=0<br> auto=start<br><br>Here's my ipsec.secrets<br><br>192.168.23.23 66.27.f.g : PSK
"mykey"<br><br>Seeing these 2 errors in auth.log:<br><br>Apr 7 14:23:02 localhost pluto[19788]: loading secrets from "/etc/ipsec.secrets"<br><span style="font-weight: bold;">Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON": route-client output: /usr/lib/ipsec/_updown: doroute `ip route add 192.168.99.0/24 via 66.27.a.b dev eth0 ' failed (RTNETLINK answers: Network is unreachable)</span><br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: initiating Main Mode<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: received Vendor ID payload [RFC 3947] method set to=109 <br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: received Vendor ID payload [Dead Peer Detection]<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: enabling possible NAT-traversal with method 3<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: I did not send a certificate because I do not have one.<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: NAT-Traversal: Result using 3: i am NATed<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>Apr 7 14:23:02 localhost pluto[19788]: "DIR130-JON" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>Apr 7 14:23:12 localhost pluto[19788]: "DIR130-JON" #1: discarding duplicate packet; already STATE_MAIN_I3<br>Apr 7 14:23:30 localhost pluto[19788]: packet from 66.27.113.46:500: received Vendor ID payload [RFC 3947] method set to=109 <br>Apr 7 14:23:30 localhost pluto[19788]: packet from 66.27.113.46:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
meth=108, but already using method 109<br>Apr 7 14:23:30 localhost pluto[19788]: packet from 66.27.113.46:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109<br>Apr 7 14:23:30 localhost pluto[19788]: packet from 66.27.113.46:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<br>Apr 7 14:23:30 localhost pluto[19788]: packet from 66.27.113.46:500: received Vendor ID payload [Dead Peer Detection]<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2: responding to Main Mode<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2: STATE_MAIN_R1: sent MR1, expecting MI2<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2: NAT-Traversal: Result using 3: i am NATed<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>Apr 7 14:23:30 localhost pluto[19788]: "DIR130-JON" #2: STATE_MAIN_R2: sent MR2, expecting MI3<br><span style="font-weight: bold;">Apr 7 14:24:12 localhost pluto[19788]: "DIR130-JON" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message</span><br>Apr 7 14:24:12 localhost pluto[19788]: "DIR130-JON" #1: starting keying attempt 2 of an unlimited number<br>Apr 7 14:24:12 localhost pluto[19788]: "DIR130-JON" #3: initiating Main Mode to replace #1<br>Apr 7 14:24:40 localhost pluto[19788]: "DIR130-JON" #2: max number of retransmissions (2) reached STATE_MAIN_R2<br>Apr 7 14:21:09 localhost pluto[18701]: "DIR130-JON": route-client output: /usr/lib/ipsec/_updown: doroute `ip route add 192.168.99.0/24 via 66.27.a.b dev eth0 ' failed (RTNETLINK answers: Network is
unreachable)<br><br>Any suggestion on what could be wrong?<br><br><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: Jacco de Leeuw &lt;jacco2@dds.nl&gt;<br>To: users@openswan.org<br>Sent: Monday, April 7, 2008 2:10:43 PM<br>Subject: Re: [Openswan Users] Error: "initial Main Mode message received on 192.168.23.23:500 but no connection has been authorized"<br><br>
BUI18 wrote:<br><br>> plutodebug=all<br><br>Set this to none. It only clutters the log.<br><br>> Apr 7 10:57:19 localhost pluto[23888]: "DIR130-JON" #1: Can't<br>> authenticate: no preshared key found for `192.168.23.23' and<br>> `66.27.f.g'. Attribute OAKLEY_AUTHENTICATION_METHOD<br><br>Use something like this in your ipsec.secrets:<br><br>192.168.23.23 : PSK "ourlittlesecret"<br><br>Jacco<br>-- <br>Jacco de Leeuw mailto:<a ymailto="mailto:jacco2@dds.nl" href="mailto:jacco2@dds.nl">jacco2@dds.nl</a><br>Zaandam, The Netherlands <a href="http://www.jacco2.dds.nl" target="_blank">http://www.jacco2.dds.nl</a><br>_______________________________________________<br><a ymailto="mailto:Users@openswan.org" href="mailto:Users@openswan.org">Users@openswan.org</a><br><a
href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br></div><br></div></div><br>
</body></html>