[Openswan Users] Conn road not function

sasa sasa at shoponweb.it
Wed Dec 29 17:45:42 CET 2004 

"Jacco de Leeuw" wrote:

> Either use leftprotoport=17/0 or install the Window NAT-T update Q818043.
> If you have a recent version of Openswan you can even use
> leftprotoport=17/%any which covers both cases.

.. I have installed update Q818043 and in ipsec.conf now I use:

leftprotoport=17/%any
...
right=%any
rightprotoport=17/1701

..but the result not change, where I mistake ?
...and in --status:

000 "left-road": 1.2.3.4:17/%any---1.2.3.5...%any:17/1701; unrouted; eroute owner: #0
000 "left-road":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "left-road":   policy: PSK+ENCRYPT; prio: 32,32; interface: eth0;
000 "left-road":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "left-road":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "left-road":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "left-road":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "left-road":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]: 1.2.3.4:17/%any---1.2.3.5...213.45.199.217:17/1701; erouted; eroute owner: #3
000 "left-road"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "left-road"[1]:   policy: PSK+ENCRYPT; prio: 32,32; interface: eth0;
000 "left-road"[1]:   newest ISAKMP SA: #0; newest IPsec SA: #3;
000 "left-road"[1]:   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "left-road"[1]:   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "left-road"[1]:   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]:   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "left-road"[1]:   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<N/A>
000
000 #3: "left-road"[1] 213.45.199.217 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3295s; newest IPSEC; eroute owner
000 #3: "left-road"[1] 213.45.199.217 esp.48a673bc at 213.45.199.217 esp.55c65135 at 1.2.3.4
000

> For more info, see:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Certificatepatch

.. I don't use certificate but the PSK.
still thanks.
Salvatore.

More information about the Users mailing list