<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Same result. Same error.<br>I can comment out the rest of the connections and I still get the same error.<br><br>In fact, I can comment out the entire l2tp-psk.conf include in ipsec.conf and I still get the same error. Not sure what this means.<br><br><br>> Date: Fri, 31 Dec 2010 19:05:54 -0700<br>> From: wgillespie+openswan@es2eng.com<br>> To: jprollerskate@hotmail.com<br>> CC: users@openswan.org<br>> Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<br>> <br>> As a quick test, what happens if you comment out your <br>> "passthrough-for-non-l2tp" connection? Is it able to find a connection <br>> to use then?<br>> <br>> On 12/31/2010 05:58 PM, JP CR wrote:<br>> > Hello,<br>> ><br>> > Making a primitive test.<br>> ><br>> > I have a home LAN with two machines, one WinXP and the other Ubuntu 10.1 v<br>> > 1:2.6.23+dfsg-1ubuntu1 kernel: 2.6.32-17-generic<br>> > WinXP IP is 192.170.1.3<br>> > Ubuntu: 192.170.1.4<br>> > Gateway for both is 192.170.1.1<br>> > No firewalls installed on either machine.<br>> ><br>> > a.) I am following the guidance of:<br>> > http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html<br>> > b.) This is my ipsec.conf (comments removed):<br>> > version 2.0 # conforms to second version of ipsec.conf specification<br>> ><br>> > # basic configuration<br>> > config setup<br>> > nat_traversal=yes<br>> > virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>> > oe=off<br>> > protostack=netkey<br>> ><br>> > include /etc/ipsec.d/l2tp-psk.conf<br>> ><br>> > c.) 
This is my /etc/ipsec.d/l2tp-psk.conf<br>> ><br>> > conn L2TP-PSK-NAT<br>> > rightsubnet=vhost:%priv<br>> > also=L2TP-PSK-noNAT<br>> ><br>> > conn L2TP-PSK-noNAT<br>> > authby=secret<br>> > pfs=no<br>> > auto=add<br>> > keyingtries=3<br>> > # we cannot rekey for %any, let client rekey<br>> > rekey=no<br>> > # Set ikelifetime and keylife to same defaults windows has<br>> > ikelifetime=8h<br>> > keylife=1h<br>> > # l2tp-over-ipsec is transport mode<br>> > type=transport<br>> > left=192.170.1.1<br>> > leftprotoport=17/1701<br>> > right=%any<br>> > rightprotoport=17/0<br>> ><br>> > conn passthrough-for-non-l2tp<br>> > type=passthrough<br>> > left=192.170.1.4<br>> > leftnexthop=192.170.1.1<br>> > right=0.0.0.0/24<br>> > rightsubnet=0.0.0.0/0<br>> > auto=route<br>> ><br>> > d.) This is my /etc/ipsec.secrets<br>> ><br>> > 192.170.1.4 %any: PSK "password"<br>> ><br>> ><br>> > I am using the native WinXP VPN connection to test. I made sure that I<br>> > set the preshared key and told it to use a PSK; however, I keep getting<br>> > that error: pluto[7752]: packet from 192.170.1.3:500: initial Main Mode<br>> > message received on 192.170.1.4:500 but no connection has been<br>> > authorized with policy=PSK I expect to see: |STATE_QUICK_R2: IPsec SA<br>> > established|<br>> ><br>> > I tried searching Google, made sure right is %any... and tried lots of<br>> > things but no joy.<br>> ><br>> > Thanks<br>> > Gunther<br>> ><br>> ><br>> ><br>> ><br>> ><br>> ><br>> > _______________________________________________<br>> > Users@openswan.org<br>> > http://lists.openswan.org/mailman/listinfo/users<br>> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy<br>> > Building and Integrating Virtual Private Networks with Openswan:<br>> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155<br>> <br>                                            </body>
</html>