<div dir="ltr">Hello everyone,<div><br></div><div>Did this get resolved?</div><div><br></div><div>I am having the same issues even after following Simon's advice as well.</div><div><br></div><div>What information or further details are required?</div>
<div><br></div><div>My secret file looks like this:</div><div><br></div><div>&lt;ElasticIP&gt; 0.0.0.0 %any: PSK "&lt;something&gt;"<br></div><div><br></div><div>and config looks like:</div><div><br></div><div><div>
conn &lt;name&gt;</div><div>        authby=secret</div><div>        pfs=no</div><div>        auto=add</div><div>        keyingtries=3</div><div>        type=transport</div><div>        forceencaps=yes</div><div>        right=%any</div>
<div>        rightprotoport=17/%any</div><div>        left=&lt;ElasticIP&gt;</div><div>        leftnexthop=%defaultroute</div><div>        leftprotoport=17/1701</div><div>        dpddelay=10</div><div>        dpdtimeout=90</div>
<div>        dpdaction=clear</div></div><div><br></div><div>Thanks,</div><div>Paul</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 29 November 2013 03:47, Simon Deziel <span dir="ltr"><<a href="mailto:simon@xelerance.com" target="_blank">simon@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Mohsen,<br>
<br>
I think you should have those settings:<br>
<br>
  left=%defaultsource<br>
  leftid=ElasticIP<br>
  leftsourceip=ElasticIP<br>
  forceencaps=yes<br>
  auto=add<br>
<br>
The Elastic IP shouldn't have the "@" prefix. Your ipsec.secrets should<br>
look like this:<br>
<br>
ElasticIP  0.0.0.0 %any: PSK "123"<br>
<br>
For a complete example (not using L2TP):<br>
<a href="https://github.com/xelerance/Openswan/wiki/Amazon-ec2-example" target="_blank">https://github.com/xelerance/Openswan/wiki/Amazon-ec2-example</a><br>
<br>
Regards,<br>
Simon<br>
<div class=""><br>
<br>
On 13-11-28 11:31 AM, Mohsen B.Sarmadi wrote:<br>
> Dear all,<br>
><br>
> I am using an EC2 Ubuntu 12.04 LTS instance in AWS.<br>
> I used all of the configurations from<br>
> here (<a href="http://fortycloud.com/setting-up-ipsecopenswan-in-amazon-ec2/" target="_blank">http://fortycloud.com/setting-up-ipsecopenswan-in-amazon-ec2/</a>), but<br>
> in auth.log I keep getting<br>
><br>
</div>> Nov 28 16:12:22 ip-10-164-25-201 *pluto*[6268]: packet from<br>
<div class="">> myComputerIP:500: initial Main Mode message received<br>
> on myEC2PrivateIP:500 but no connection has been authorized with policy=PSK<br>
><br>
> $cat /etc/ipsec.secrets<br>
> @myEC2PrivateIP %any: PSK "123"<br>
><br>
> $ sudo cat /etc/ipsec.conf<br>
> config setup<br>
>    protostack=netkey<br>
>    interfaces=%defaultroute<br>
>    nat_traversal=yes<br>
> # this will force openswan to use IPSec over UDP - required for EC2<br>
>    force_keepalive=yes<br>
>    keep_alive=60<br>
</div>>    virtual_private=%v4:172.24.0.0/16<br>
<div><div class="h5">> # this Subnet must include range provided in the xl2tpd config file<br>
>    oe=no<br>
>    nhelpers=0<br>
> conn RWConn # road warrior connection description<br>
>    rightsubnet=vhost:%priv<br>
>    type=transport<br>
>    authby=secret<br>
>    pfs=no<br>
>    rekey=no<br>
>    ikelifetime=8h<br>
>    keylife=1h<br>
>    leftprotoport=17/1701<br>
>    left= myEC2PrivateIP<br>
>    leftid=@myEC2PrivateIP<br>
>    rightprotoport=17/%any<br>
>    right=%any<br>
>    auto=ignore<br>
><br>
><br>
><br>
> $ sudo cat /etc/xl2tpd/xl2tpd.conf<br>
> [global]<br>
> ipsec saref = yes<br>
> ; this must be the private EC2 address allocated to eth0<br>
> listen-addr = myEC2PrivateIP<br>
> [lns default]<br>
> ; addresses for road warriors will be allocated from this range<br>
> ip range = 172.24.100.1-172.24.100.254<br>
> ; GW virtual address (must be outside of the above range)<br>
> local ip = 172.24.0.150<br>
> refuse pap = yes<br>
> require authentication = yes<br>
> name = MyGW<br>
> ; points to PPP config file (you can choose your own name)<br>
> pppoptfile = /etc/ppp/options.xl2tpd<br>
> length bit = yes<br>
><br>
> Please help me with this.<br>
> Thanks<br>
> Mohs<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
><br>
<br>
</blockquote></div><br></div>
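<div>Added example, not part of the original messages or of Openswan: a small check for the three things Simon's reply changes in the quoted configuration (auto=ignore instead of auto=add, an "@" prefix on an IP-address ID in ipsec.conf or ipsec.secrets, and a missing forceencaps=yes). The function names and the sample values, including 10.0.0.5, are assumptions constructed for illustration.</div>

```python
import ipaddress

# Constructed sample modelled on the quoted RWConn; 10.0.0.5 is a placeholder.
CONF = """\
config setup
   nat_traversal=yes
conn RWConn # road warrior connection description
   leftid=@10.0.0.5
   auto=ignore
"""
SECRETS = '@10.0.0.5 %any: PSK "123"\n'

def at_prefixed_ip(value):  # '@' followed by an IP literal, e.g. '@10.0.0.5'
    try:
        return value.startswith("@") and ipaddress.ip_address(value[1:]) is not None
    except ValueError:
        return False

def parse_conns(text):
    """Return {conn name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments, trailing space
        if line and not line[0].isspace():  # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(conf, secrets):
    """Flag the settings that the reply in this thread changes."""
    out = []
    for name, c in parse_conns(conf).items():
        if c.get("auto", "ignore") == "ignore":  # ignore is also the default
            out.append(f"{name}: auto=ignore, the reply uses auto=add")
        if at_prefixed_ip(c.get("leftid", "")):
            out.append(f"{name}: leftid has an '@' prefix on an IP address")
        if c.get("forceencaps") != "yes":
            out.append(f"{name}: forceencaps=yes is not set")
    for line in secrets.splitlines():
        ids, sep, _ = line.partition(": PSK")
        out += [f"secrets: {t} has an '@' prefix on an IP address"
                for t in ids.split() if sep and at_prefixed_ip(t)]
    return out

if __name__ == "__main__":
    print("\n".join(lint(CONF, SECRETS)))
```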