[Openswan Users] choosing right connection
jerry
jz at silpion.de
Thu Jul 1 18:00:38 CEST 2004
dear list,
in my openswan setup I have two connections.
the first one is with PSK, the other with certs.
on the right side I must specify %any.
openswan always chooses the one with certs
and then tells me: policy doesn't allow OAKLEY_PRESHARED_KEY authentication,
that is big shit (sorry), because there is another one using PSK.
please give me a hint or a workaround.
bye
jerry
----------------------
here comes the log:
Jul 1 16:51:06 devbox pluto[17883]: "roadwarrior"[60] 80.137.xyz.yzx #60: responding to Main Mode from unknown peer 80.137.xyz.yzx
Jul 1 16:51:06 devbox pluto[17883]: | **emit ISAKMP Message:
Jul 1 16:51:06 devbox pluto[17883]: | initiator cookie:
Jul 1 16:51:06 devbox pluto[17883]: | 64 32 99 4c 26 93 49 24
Jul 1 16:51:06 devbox pluto[17883]: | responder cookie:
Jul 1 16:51:07 devbox pluto[17883]: | 45 a2 ee 2f a3 30 8f dc
Jul 1 16:51:07 devbox pluto[17883]: | next payload type: ISAKMP_NEXT_SA
Jul 1 16:51:07 devbox pluto[17883]: | ISAKMP version: ISAKMP Version 1.0
Jul 1 16:51:07 devbox pluto[17883]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 1 16:51:07 devbox pluto[17883]: | flags: none
Jul 1 16:51:07 devbox pluto[17883]: | message ID: 00 00 00 00
Jul 1 16:51:07 devbox pluto[17883]: | ***emit ISAKMP Security Association Payload:
Jul 1 16:51:07 devbox pluto[17883]: | next payload type: ISAKMP_NEXT_NONE
Jul 1 16:51:07 devbox pluto[17883]: | DOI: ISAKMP_DOI_IPSEC
Jul 1 16:51:07 devbox pluto[17883]: | ****parse IPsec DOI SIT:
Jul 1 16:51:07 devbox pluto[17883]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 1 16:51:07 devbox pluto[17883]: | ****parse ISAKMP Proposal Payload:
Jul 1 16:51:07 devbox pluto[17883]: | next payload type: ISAKMP_NEXT_NONE
Jul 1 16:51:07 devbox pluto[17883]: | length: 40
Jul 1 16:51:07 devbox pluto[17883]: | proposal number: 0
Jul 1 16:51:07 devbox pluto[17883]: | protocol ID: PROTO_ISAKMP
Jul 1 16:51:07 devbox pluto[17883]: | SPI size: 0
Jul 1 16:51:07 devbox pluto[17883]: | number of transforms: 1
Jul 1 16:51:07 devbox pluto[17883]: | *****parse ISAKMP Transform Payload (ISAKMP):
Jul 1 16:51:07 devbox pluto[17883]: | next payload type: ISAKMP_NEXT_NONE
Jul 1 16:51:07 devbox pluto[17883]: | length: 32
Jul 1 16:51:07 devbox pluto[17883]: | transform number: 0
Jul 1 16:51:07 devbox pluto[17883]: | transform ID: KEY_IKE
Jul 1 16:51:07 devbox pluto[17883]: | ******parse ISAKMP Oakley attribute:
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_LIFE_TYPE
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 1
Jul 1 16:51:07 devbox pluto[17883]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 1 16:51:07 devbox pluto[17883]: | ******parse ISAKMP Oakley attribute:
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_LIFE_DURATION
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 900
Jul 1 16:51:07 devbox pluto[17883]: | ******parse ISAKMP Oakley attribute:
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 5
Jul 1 16:51:07 devbox pluto[17883]: | [5 is OAKLEY_3DES_CBC]
Jul 1 16:51:07 devbox pluto[17883]: | ******parse ISAKMP Oakley attribute:
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 1
Jul 1 16:51:07 devbox pluto[17883]: | [1 is OAKLEY_MD5]
Jul 1 16:51:07 devbox pluto[17883]: | ******parse ISAKMP Oakley attribute:
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 1
Jul 1 16:51:07 devbox pluto[17883]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 1 16:51:07 devbox pluto[17883]: "roadwarrior"[60] 80.137.xyz.yzx #60: policy does not allow OAKLEY_PRESHARED_KEY authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
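
Added example, not part of the original post and not Openswan code: a small Python parser for pluto debug output like the log above. It rejoins mail-wrapped lines, collects the Oakley attributes the peer proposed, and reports whether the proposed authentication method is the one the matched connection's policy refused. The sample log is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the pluto lines in the post (including mail-wrapped lines).
SAMPLE_LOG = """\
Jul 1 16:51:06 devbox pluto[17883]: "roadwarrior"[60] 80.137.xyz.yzx #60:
responding to Main Mode from unknown peer 80.137.xyz.yzx
Jul 1 16:51:07 devbox pluto[17883]: | af+type: OAKLEY_LIFE_DURATION
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 900
Jul 1 16:51:07 devbox pluto[17883]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jul 1 16:51:07 devbox pluto[17883]: | length/value: 1
Jul 1 16:51:07 devbox pluto[17883]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 1 16:51:07 devbox pluto[17883]: "roadwarrior"[60] 80.137.xyz.yzx #60:
policy does not allow OAKLEY_PRESHARED_KEY authentication. Attribute
OAKLEY_AUTHENTICATION_METHOD
"""

PREFIX = re.compile(r'^\w{3}\s+\d+ [\d:]{8} \S+ pluto\[\d+\]:\s*')
CONN = re.compile(r'^"([^"]+)"\[\d+\] (\S+) #\d+:\s*(.*)$')
ATTR = re.compile(r'^\|\s*af\+type:\s*(\S+)$')
VALUE = re.compile(r'^\|\s*(?:length/value: (\d+)|\[\d+ is (\S+)\])$')
DENY = re.compile(r'policy does not allow (\S+) authentication')

def unwrap(text):
    # A line without the syslog prefix is a wrapped continuation of the previous one.
    out = []
    for line in text.splitlines():
        if PREFIX.match(line) or not out:
            out.append(PREFIX.sub('', line).strip())
        else:
            out[-1] = f"{out[-1]} {line.strip()}"
    return out

def summarize(text):
    res = {"connection": None, "peer": None, "proposed": {}, "rejected": None}
    attr = None
    for msg in unwrap(text):
        if m := CONN.match(msg):
            res["connection"], res["peer"] = m.group(1), m.group(2)
            if d := DENY.search(m.group(3)):
                res["rejected"] = d.group(1)
        elif m := ATTR.match(msg):
            attr = m.group(1)
        elif attr and (m := VALUE.match(msg)):
            # The symbolic name line, when present, replaces the numeric value.
            res["proposed"][attr] = m.group(2) or m.group(1)
    return res

def auth_mismatch(res):
    # True when the method the peer proposed is the one the matched connection refuses.
    return res["rejected"] is not None and \
        res["proposed"].get("OAKLEY_AUTHENTICATION_METHOD") == res["rejected"]
```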