[Openswan Users] Main Mode received not authorized/Destination
host unreachable
Michael Dobeson
dopey at cci.net.au
Fri Nov 12 10:14:44 CET 2004
Appended is my ipsec.conf. It's based on Nate Carlson's one-size-fits-all
roadwarrior config.

I've noticed that I was having the same problem as Itai regarding
"Destination host unreachable" until I altered the line
interface=%defaultroute to interface="ipsec0=eth0".

I've since found that you shouldn't use the latter on a 2.6+ kernel.

Regardless of the above config, in the /var/log/messages I keep receiving
the error "%defaultroute requested but not known".

I suppose this is all linked, but I'm not sure where Openswan pulls
%defaultroute from.

Any suggestions would be awesome.

Michael

version 2.0

config setup
    interfaces="ipsec0=eth1"
    nat_traversal=yes
    #klipsdebug=all
    #plutodebug=all
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=(your_subnet)/(your_netmask)
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=IPSEC.cci.net.au.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-l2tp-updatedwin
    pfs=no
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

----- Original Message -----
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Thursday, November 11, 2004 6:39 PM
Subject: Re: [Openswan Users] Main Mode received not authorized
> On Thu, Nov 11, 2004 at 02:32:20PM +1100, Michael Dobeson wrote:
>
>> I'm setting up an IPSEC/L2TP VPN server for a private wireless network.
>>
>> >Nov 11 13:15:06 Mcrae pluto[9985]: packet from 192.168.1.3:500: initial
>> >Main Mode message received on 192.168.1.253:500 but no connection has
>> >been
>> >authorized
>
> Have you checked /var/log/messages for error messages? Can the PSK/cert
> be found? Perhaps you could post your ipsec.conf?
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl