[Openswan Users] No connection is known
Jacco de Leeuw
jacco2 at dds.nl
Sun Apr 25 20:45:56 CEST 2004
Vincent Freeman wrote:
>> leftprotoport=17/1701
>> rightprotoport=17/%any
>>
>>The %any parameter is included in the X.509 patch
>>(version 0.9.38 or higher for FreeS/WAN 1.99, and
>>version 1.5.3 or higher for FreeS/WAN 2.04 / 2.05).
>>I don't know about Openswan but Strongswan 2.0.0 and
>>higher also contains
>>this patch.
>
> I did read that part as well but when I add the
> protoport statements I get the following error instead
> of the last one:
>
> packet from 192.168.1.2:500: initial Main Mode message
> received on 192.168.1.1:500 but no connection has been
> authorized
> The rpms I installed are:
>
> kernel-module-openswan-2.1.1-1_2.4.22_1.2188.nptl.rhfc1.dag.i686.rpm
> openswan-utils-2.1.1-1.rhfc1.dag.i686.rpm

Openswan 2.1.1 contains version 1.4.8 of the X.509 patch which does not
support the %any parameter for rightprotoport. I suspect that if you look
at the logfile you will see error messages about the my-test-conn
configuration being rejected because of this parameter.

So I guess you either:

- switch to Strongswan
- wait for Openswan to update the X.509 patch
- extract the relevant part from the X.509 patch that implements this %any
  parameter and apply the patch to Openswan yourself.

(There might be one other option, namely my own amateur patch at
http://www.jacco2.dds.nl/networking/patches/freeswan-protoport.patch
but this is not recommended).

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl