<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>RE: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>Did you check your ipsec.secrets file?<BR>
It should be<BR>
192.170.1.4 %any : PSK ""<BR>
<BR>
or something to that effect.<BR>
<BR>
Randy<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: users-bounces@openswan.org on behalf of JP CR<BR>
Sent: Fri 12/31/2010 6:34 PM<BR>
To: wgillespie+openswan@es2eng.com; users@openswan.org<BR>
Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<BR>
<BR>
Same result. Same error.<BR>
I can comment out the rest of the connections and I still get the same error.<BR>
<BR>
In fact I can comment out the entire l2tp-psk.conf include in ipsec.conf and I still get the same error. Not sure what this means..<BR>
<BR>
<BR>
> Date: Fri, 31 Dec 2010 19:05:54 -0700<BR>
> From: wgillespie+openswan@es2eng.com<BR>
> To: jprollerskate@hotmail.com<BR>
> CC: users@openswan.org<BR>
> Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<BR>
><BR>
> As a quick test, what happens if you comment out your<BR>
> "passthrough-for-non-l2tp" connection? Is it able to find a connection<BR>
> to use then?<BR>
><BR>
> On 12/31/2010 05:58 PM, JP CR wrote:<BR>
> > Hello,<BR>
> ><BR>
> > Making a primitive test.<BR>
> ><BR>
> > I have a home LAN, two machines, one WinXP and the other Ubuntu 10.1 v<BR>
> > 1:2.6.23+dfsg-1ubuntu1 kernel: 2.6.32-17-generic<BR>
> > WinXP IP is 192.170.1.3<BR>
> > Ubuntu: 192.170.1.4<BR>
> > Gateway for both is 192.170.1.1<BR>
> > No firewalls installed on either machine.<BR>
> ><BR>
> > a.) I am following the guidance of:<BR>
> > <A HREF="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</A><BR>
> > b.) This is my ipsec.conf (comments removed):<BR>
> > version 2.0 # conforms to second version of ipsec.conf specification<BR>
> ><BR>
> > # basic configuration<BR>
> > config setup<BR>
> > nat_traversal=yes<BR>
> > virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<BR>
> > oe=off<BR>
> > protostack=netkey<BR>
> ><BR>
> > include /etc/ipsec.d/l2tp-psk.conf<BR>
> ><BR>
> > c.) This is my /etc/ipsec.d/l2tp-psk.conf<BR>
> ><BR>
> > conn L2TP-PSK-NAT<BR>
> > rightsubnet=vhost:%priv<BR>
> > also=L2TP-PSK-noNAT<BR>
> ><BR>
> > conn L2TP-PSK-noNAT<BR>
> > authby=secret<BR>
> > pfs=no<BR>
> > auto=add<BR>
> > keyingtries=3<BR>
> > # we cannot rekey for %any, let client rekey<BR>
> > rekey=no<BR>
> > # Set ikelifetime and keylife to same defaults windows has<BR>
> > ikelifetime=8h<BR>
> > keylife=1h<BR>
> > # l2tp-over-ipsec is transport mode<BR>
> > type=transport<BR>
> > left=192.170.1.1<BR>
> > leftprotoport=17/1701<BR>
> > right=%any<BR>
> > rightprotoport=17/0<BR>
> ><BR>
> > conn passthrough-for-non-l2tp<BR>
> > type=passthrough<BR>
> > left=192.170.1.4<BR>
> > leftnexthop=192.170.1.1<BR>
> > right=0.0.0.0/24<BR>
> > rightsubnet=0.0.0.0/0<BR>
> > auto=route<BR>
> ><BR>
> > d.) This is my /etc/ipsec.secrets<BR>
> ><BR>
> > 192.170.1.4 %any: PSK "password"<BR>
> ><BR>
> ><BR>
> > I am using the native WinXP VPN connection to test. I made sure that I<BR>
> > set the preshared key and told it to use a PSK; however, I keep getting<BR>
> > that error: pluto[7752]: packet from 192.170.1.3:500: initial Main Mode<BR>
> > message received on 192.170.1.4:500 but no connection has been<BR>
> > authorized with policy=PSK I expect to see: |STATE_QUICK_R2: IPsec SA<BR>
> > established|<BR>
> ><BR>
> > I tried searching Google, made sure right is %any... and tried lots of<BR>
> > things but no joy.<BR>
> ><BR>
> > Thanks<BR>
> > Gunther<BR>
<BR>
<BR>
</FONT>
</P>
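<P><FONT SIZE=2>Added example, not part of the original thread and not Openswan code: a small checker for the situation in the quoted log line, where the packet arrives on 192.170.1.4 while the posted conn has left=192.170.1.1. It assumes pluto can only use a conn whose left or right is an address of the local host; the function names are hypothetical, and %defaultroute and hostnames are not resolved.</FONT></P>

```python
import ipaddress

# The L2TP conns from the post, re-typed with ipsec.conf indentation (trimmed to the keys used here).
L2TP_PSK_CONF = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    type=transport
    left=192.170.1.1
    right=%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():          # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge also= parents into a conn; the conn's own keys win."""
    merged, parent = {}, conns[name].get("also")
    if parent in conns and parent not in seen:
        merged.update(resolve(conns, parent, seen + (name,)))
    merged.update({k: v for k, v in conns[name].items() if k != "also"})
    return merged

def usable_psk_conns(text, local_ip):
    """Names of authby=secret conns whose left or right equals local_ip."""
    conns = parse_conns(text)
    local = str(ipaddress.ip_address(local_ip))   # also validates the argument
    return [n for n in conns
            if resolve(conns, n).get("authby") == "secret"
            and local in (resolve(conns, n).get("left"), resolve(conns, n).get("right"))]

if __name__ == "__main__":
    # Address pluto received the Main Mode packet on, taken from the quoted log line.
    print(usable_psk_conns(L2TP_PSK_CONF, "192.170.1.4"))
```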
</BODY>
</HTML>