[Openswan Users] Main Mode received not authorized/Destination host unreachable

Michael Dobeson dopey at cci.net.au
Fri Nov 12 10:14:44 CET 2004


Appended is my ipsec.conf. It's based on Nate Carlson's one-size-fits-all 
roadwarrior config.
I've noticed that I was having the same problem as Itai regarding 
"Destination host unreachable" until I altered the line 
interface=%defaultroute to interface="ipsec0=eth0".
I've since found that you shouldn't use the latter on a 2.6+ kernel.

Regardless of the above config, in /var/log/messages I keep receiving 
the error "%defaultroute requested but not known".
I suppose this is all linked, but I'm not sure where openswan pulls 
%defaultroute from.

Any suggestions would be awesome.
Michael


version 2.0

config setup
        interfaces="ipsec0=eth1"
        nat_traversal=yes
        #klipsdebug=all
        #plutodebug=all
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=(your_subnet)/(your_netmask)
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=IPSEC.cci.net.au.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior




----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Thursday, November 11, 2004 6:39 PM
Subject: Re: [Openswan Users] Main Mode recieved not authorized


> On Thu, Nov 11, 2004 at 02:32:20PM +1100, Michael Dobeson wrote:
>
>> I'm setting up an IPSEC/L2TP VPN server for a private wireless network.
>>
>> >Nov 11 13:15:06 Mcrae pluto[9985]: packet from 192.168.1.3:500: initial
>> >Main Mode message received on 192.168.1.253:500 but no connection has 
>> >been
>> >authorized
>
> Have you checked /var/log/messages for error messages? Can the PSK/cert
> be found?  Perhaps you could post your ipsec.conf?
>
> Jacco
> -- 
> Jacco de Leeuw            mailto:jacco2 at dds.nl
> Zaandam, The Netherlands  http://www.jacco2.dds.nl
> 
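
Added example, not part of the original message and not Openswan code: a small check for the combination in the configuration posted above, where a conn uses left=%defaultroute while config setup names an explicit interface. It assumes the behaviour described in ipsec.conf(5) for Openswan 2.x, that %defaultroute in a conn is filled in only when interfaces=%defaultroute is set; the function names are hypothetical.

```python
# Added example: flag conns whose %defaultroute cannot be resolved.
SAMPLE = """\
config setup
        interfaces="ipsec0=eth1"

conn %default
        authby=rsasig

conn roadwarrior
        left=%defaultroute
        right=%any

conn roadwarrior-l2tp
        pfs=no
        also=roadwarrior
"""  # constructed excerpt of the configuration posted above

def parse(text):
    """Return {(kind, name): {key: value}} for 'config' and 'conn' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # headers start in column 0
            parts = line.split()
            ok = len(parts) == 2 and parts[0] in ("config", "conn")
            current = sections.setdefault((parts[0], parts[1]), {}) if ok else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def effective(sections, name, seen=()):
    """conn %default, then the also= parent, then own keys (simplified merge)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = sections[("conn", name)]
    merged = dict(sections.get(("conn", "%default"), {}))
    if "also" in own:
        merged.update(effective(sections, own["also"], seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def unresolved_defaultroute(text):
    """Names of conns using %defaultroute while interfaces= is something else."""
    sections = parse(text)
    ifaces = sections.get(("config", "setup"), {}).get("interfaces", "%defaultroute")
    if ifaces == "%defaultroute":
        return []
    return sorted(n for kind, n in sections if kind == "conn" and n != "%default"
                  and "%defaultroute" in (effective(sections, n).get(s) for s in ("left", "right")))
```

On the sample, both roadwarrior and roadwarrior-l2tp are reported, the second only through its also= parent.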



