<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
The secrets is included in my original post... it's present the way you specify.<br><br><br><hr id="ecxstopSpelling">Subject: RE: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<br>Date: Fri, 31 Dec 2010 18:37:06 -0800<br>From: rwyatt@nvtl.com<br>To: jprollerskate@hotmail.com; wgillespie+openswan@es2eng.com; users@openswan.org<br><br>









<br>

<font size="2">Did you check your ipsec.secrets file?<br>
It should be<br>
192.170.1.4 %any : PSK ""<br>
<br>
or something to that effect.<br>
<br>
Randy<br>
<br>
<br>
-----Original Message-----<br>
From: users-bounces@openswan.org on behalf of JP CR<br>
Sent: Fri 12/31/2010 6:34 PM<br>
To: wgillespie+openswan@es2eng.com; users@openswan.org<br>
Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<br>
<br>
Same result. Same error.<br>
I can comment out the rest of the connections and I still get the same error.<br>
<br>
In fact I can comment out the entire l2tp-psk.conf include in ipsec.conf and I still get the same error. Not sure what this means..<br>
<br>
<br>
&gt; Date: Fri, 31 Dec 2010 19:05:54 -0700<br>
&gt; From: wgillespie+openswan@es2eng.com<br>
&gt; To: jprollerskate@hotmail.com<br>
&gt; CC: users@openswan.org<br>
&gt; Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK<br>
&gt;<br>
&gt; As a quick test, what happens if you comment out your<br>
&gt; "passthrough-for-non-l2tp" connection? Is it able to find a connection<br>
&gt; to use then?<br>
&gt;<br>
&gt; On 12/31/2010 05:58 PM, JP CR wrote:<br>
&gt; &gt; Hello,<br>
&gt; &gt;<br>
&gt; &gt; Making a primitive test.<br>
&gt; &gt;<br>
&gt; &gt; I have a home LAN with two machines, one WinXP and the other Ubuntu 10.1 v<br>
&gt; &gt; 1:2.6.23+dfsg-1ubuntu1 kernel: 2.6.32-17-generic<br>
&gt; &gt; WinXP IP is 192.170.1.3<br>
&gt; &gt; Ubuntu: 192.170.1.4<br>
&gt; &gt; Gateway for both is 192.170.1.1<br>
&gt; &gt; No firewalls installed on either machine.<br>
&gt; &gt;<br>
&gt; &gt; a.) I am following the guidance of:<br>
&gt; &gt; <a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html" target="_blank">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</a><br>
&gt; &gt; b.) This is my ipsec.conf (comments removed):<br>
&gt; &gt; version 2.0 # conforms to second version of ipsec.conf specification<br>
&gt; &gt;<br>
&gt; &gt; # basic configuration<br>
&gt; &gt; config setup<br>
&gt; &gt; nat_traversal=yes<br>
&gt; &gt; virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>
&gt; &gt; oe=off<br>
&gt; &gt; protostack=netkey<br>
&gt; &gt;<br>
&gt; &gt; include /etc/ipsec.d/l2tp-psk.conf<br>
&gt; &gt;<br>
&gt; &gt; c.) This is my /etc/ipsec.d/l2tp-psk.conf<br>
&gt; &gt;<br>
&gt; &gt; conn L2TP-PSK-NAT<br>
&gt; &gt; rightsubnet=vhost:%priv<br>
&gt; &gt; also=L2TP-PSK-noNAT<br>
&gt; &gt;<br>
&gt; &gt; conn L2TP-PSK-noNAT<br>
&gt; &gt; authby=secret<br>
&gt; &gt; pfs=no<br>
&gt; &gt; auto=add<br>
&gt; &gt; keyingtries=3<br>
&gt; &gt; # we cannot rekey for %any, let client rekey<br>
&gt; &gt; rekey=no<br>
&gt; &gt; # Set ikelifetime and keylife to same defaults windows has<br>
&gt; &gt; ikelifetime=8h<br>
&gt; &gt; keylife=1h<br>
&gt; &gt; # l2tp-over-ipsec is transport mode<br>
&gt; &gt; type=transport<br>
&gt; &gt; left=192.170.1.1<br>
&gt; &gt; leftprotoport=17/1701<br>
&gt; &gt; right=%any<br>
&gt; &gt; rightprotoport=17/0<br>
&gt; &gt;<br>
&gt; &gt; conn passthrough-for-non-l2tp<br>
&gt; &gt; type=passthrough<br>
&gt; &gt; left=192.170.1.4<br>
&gt; &gt; leftnexthop=192.170.1.1<br>
&gt; &gt; right=0.0.0.0/24<br>
&gt; &gt; rightsubnet=0.0.0.0/0<br>
&gt; &gt; auto=route<br>
&gt; &gt;<br>
&gt; &gt; d.) This is my /etc/ipsec.secrets<br>
&gt; &gt;<br>
&gt; &gt; 192.170.1.4 %any: PSK "password"<br>
&gt; &gt;<br>
&gt; &gt;<br>
&gt; &gt; I am using the native WinXP VPN connection to test. I made sure that I<br>
&gt; &gt; set the preshared key and told it to use a PSK, however I keep getting<br>
&gt; &gt; that error: pluto[7752]: packet from 192.170.1.3:500: initial Main Mode<br>
&gt; &gt; message received on 192.170.1.4:500 but no connection has been<br>
&gt; &gt; authorized with policy=PSK I expect to see: |STATE_QUICK_R2: IPsec SA<br>
&gt; &gt; established|<br>
&gt; &gt;<br>
&gt; &gt; I tried searching google, made sure right is %any... and tried lots of<br>
&gt; &gt; things but no joy.<br>
&gt; &gt;<br>
&gt; &gt; Thanks<br>
&gt; &gt; Gunther<br>
&gt;<br>
<br>
<br>
</font>
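An added check, not part of the thread and not Openswan code: it parses the conn sections posted above, follows also=, and lists the authby=secret connections in which left or right is an address of the local host. It assumes pluto only answers Main Mode on a connection that has a local address at one end; the function names are hypothetical and the sample is re-typed from the posting.<br>

```python
# Added example (not Openswan code). SAMPLE_CONF is constructed from the
# l2tp-psk.conf quoted in the thread, with indentation restored.
SAMPLE_CONF = """\
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    type=transport
    left=192.170.1.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/0

conn passthrough-for-non-l2tp
    type=passthrough
    left=192.170.1.4
    right=0.0.0.0/24
    auto=route
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None                       # 'config setup' is not a conn
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge in the section named by also=; the conn's own keys win."""
    params = dict(conns[name])
    parent = params.pop("also", None)
    if parent in conns and parent not in seen:   # 'seen' guards also= loops
        params = {**resolve(conns, parent, seen + (name,)), **params}
    return params

def psk_conns_for(conns, local_addrs):
    """Names of authby=secret conns with left or right set to a local address."""
    hits = []
    for name in conns:
        p = resolve(conns, name)
        ends = {p.get("left"), p.get("right")}
        if p.get("authby") == "secret" and ends.intersection(local_addrs):
            hits.append(name)
    return hits
```

Called with the posted configuration, psk_conns_for returns an empty list for 192.170.1.4 (the Ubuntu host) and both L2TP conns for 192.170.1.1 (the address given as left).<br>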
<br>                                               </body>
</html>