<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Your ipsec.secrets file is in the wrong directory.<br><br>> cat /etc/ipsec.d/ipsec.secrets <br>> a.b.c.d %any: PSK "myPSKkey"<br><br>It needs to be "/etc/ipsec.secrets"<br><br><span style="font-family: Tahoma,Helvetica,Sans-Serif; font-style: italic; font-weight: bold;">-<span style="font-family: Times New Roman,Times,Serif;"> Simon Charles - </span></span><br><br><br><br><br>> Date: Mon, 16 Nov 2009 23:43:44 +0100<br>> To: users@openswan.org<br>> From: ubi_maior@infinito.it<br>> Subject: [Openswan Users] Error using PSK<br>> <br>> Hi all,<br>> I would like to create a tunnel between these two sites:<br>> <br>> Site A:<br>> DrayTek router<br>> WAN IP: A.B.C.D dynamic registered by dyndns as mysite1.dydns.org<br>> LAN Network IP: 10.9.10.0/24<br>> <br>> Site B:<br>> Linux box<br>> WAN IP: a.b.c.d static registered as mysite2.mydomain.org<br>> <br>> Site A should open the tunnel<br>> Site B hosts openswan<br>> <br>> ========================================================<br>> <br>> cat /etc/ipsec.conf <br>> # /etc/ipsec.conf - Openswan IPsec configuration file<br>> #<br>> # Manual: ipsec.conf.5<br>> #<br>> # Please place your own config files in /etc/ipsec.d/ ending in .conf<br>> <br>> version 2.0 # conforms to second version of ipsec.conf specification<br>> <br>> # basic configuration<br>> config setup<br>> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br>> #klipsdebug=none<br>> #plutodebug="control parsing"<br>> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>> protostack=netkey<br>> nat_traversal=yes<br>> virtual_private=%v4:10.9.10.0/24<br>> oe=off<br>> # Enable this if you see "failed to find any available worker"<br>> nhelpers=0<br>> interfaces="%defaultroute"<br>> uniqueids=yes<br>> <br>> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and<br>> uncomment this.<br>> #include /etc/ipsec.d/*.conf<br>> <br>> ================================================================<br>> <br>> cat 
/etc/ipsec.d/ToHome.conf <br>> conn ToHome<br>> left=66.249.23.229<br>> leftid=@green.soylent.info<br>> right=%any<br>> rightid=@mauog.dyndns.org<br>> rightsubnet=10.9.10.0/24<br>> authby=secret<br>> auto=add<br>> =================================================================<br>> <br>> cat /etc/ipsec.d/ipsec.secrets <br>> a.b.c.d %any: PSK "myPSKkey"<br>> =================================================================<br>> <br>> Looking at /var/log/secure I got this error:<br>> <br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [Dead Peer Detection]<br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [RFC 3947] method set to=109 <br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using<br>> method 109<br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using<br>> method 109<br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using<br>> method 109<br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor<br>> ID payload [draft-ietf-ipsec-nat-t-ike-00]<br>> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: initial Main<br>> Mode message received on a.b.c.d:500 but no connection has been authorized<br>> with policy=PSK<br>> <br>> ***Could you help me to solve it?<br>> <br>> I've also noticed that pluto, when starting up, listens to all network interfaces:<br>> <br>> Nov 16 20:47:56 green pluto[6298]: listening for IKE messages<br>> Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:500<br>> Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:4500<br>> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 
127.0.0.1:500<br>> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 127.0.0.1:4500<br>> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo ::1:500<br>> <br>> ***Would it be possible to tell Pluto to forget the loopback interface?<br>> <br>> <br>> Thank You<br>> <br>> Regards<br>> <br>> Mauro<br>> <br></body>
</html>