[Openswan Users] Conn road not function
sasa
sasa at shoponweb.it
Wed Dec 29 17:45:42 CET 2004
"Jacco de Leeuw" wrote:
> Either use leftprotoport=17/0 or install the Window NAT-T update Q818043.
> If you have a recent version of Openswan you can even use
> leftprotoport=17/%any which covers both cases.
.. I have installed update Q818043 and in ipsec.conf now I use:
leftprotoport=17/%any
...
right=%any
rightprotoport=17/1701
..but the result not change, where I mistake ?
...and in --status:
000 "left-road": 1.2.3.4:17/%any---1.2.3.5...%any:17/1701; unrouted; eroute owner: #0
000 "left-road": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "left-road": policy: PSK+ENCRYPT; prio: 32,32; interface: eth0;
000 "left-road": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "left-road": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "left-road": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "left-road": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "left-road": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]: 1.2.3.4:17/%any---1.2.3.5...213.45.199.217:17/1701; erouted; eroute owner: #3
000 "left-road"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "left-road"[1]: policy: PSK+ENCRYPT; prio: 32,32; interface: eth0;
000 "left-road"[1]: newest ISAKMP SA: #0; newest IPsec SA: #3;
000 "left-road"[1]: IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "left-road"[1]: IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "left-road"[1]: ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]: ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]: ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<N/A>
000
000 #3: "left-road"[1] 213.45.199.217 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3295s; newest IPSEC; eroute owner
000 #3: "left-road"[1] 213.45.199.217 esp.48a673bc at 213.45.199.217 esp.55c65135 at 1.2.3.4
000
> For more info, see:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Certificatepatch
.. I don't use certificate but the PSK.
still thanks.
Salvatore.
More information about the Users
mailing list