[Openswan Users] Main Mode recieved not
authorized/Destinationhost unreachable
Michael Dobeson
dopey at cci.net.au
Fri Nov 12 14:33:19 CET 2004
Apologies, I attached an old ipsec.conf to the last email; here is the
current:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    #klipsdebug=all
    #plutodebug=all
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.1.0/255.255.255.0
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=IPSEC.cci.net.au.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-l2tp-updatedwin
    pfs=no
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

include /etc/ipsec.d/examples/no_oe.conf

Thanks
Michael
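
An added example, not part of the original message and not Openswan code: a Python check that lists the ipsec.conf settings using %defaultroute and reports whether an IPv4 routing table in the Linux /proc/net/route format has a default route for them to resolve to. The routing-table samples are constructed, the 192.168.1.254 gateway is hypothetical, and it is an assumption that a missing default route is what lies behind the "%defaultroute requested but not known" message in this thread.

```python
import socket
import struct

# Constructed /proc/net/route samples (not from the thread): a host with only
# its connected LAN, then the same host with a hypothetical default gateway.
SAMPLE_NO_DEFAULT = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""
SAMPLE_WITH_DEFAULT = SAMPLE_NO_DEFAULT + "eth0\t00000000\tFE01A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
# Excerpt of the configuration posted above.
SAMPLE_CONF = "config setup\n    interfaces=%defaultroute\nconn roadwarrior\n    left=%defaultroute\n    right=%any\n"

RTF_UP, RTF_GATEWAY = 0x1, 0x2

def default_route(route_table):
    """Return (iface, gateway_ip) of the first usable IPv4 default route, or None."""
    for line in route_table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        dest, gw, flags, mask = f[1], f[2], int(f[3], 16), f[7]
        if dest == mask == "00000000" and flags & RTF_UP and flags & RTF_GATEWAY:
            # The kernel prints addresses as little-endian hex.
            return f[0], socket.inet_ntoa(struct.pack("<I", int(gw, 16)))
    return None

def defaultroute_users(conf_text):
    """List (section, parameter) pairs in an ipsec.conf that use %defaultroute."""
    section, hits = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if not line:
            continue
        if line.split()[0] in ("config", "conn"):      # section header
            section = line
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value.strip('"') == "%defaultroute":
                hits.append((section, key))
    return hits

def unresolved(conf_text, route_table):
    """Settings that cannot resolve because the table has no default route."""
    return [] if default_route(route_table) else defaultroute_users(conf_text)

if __name__ == "__main__":
    for section, key in unresolved(SAMPLE_CONF, SAMPLE_NO_DEFAULT):
        print(f"{section}: {key}=%defaultroute but no default route is present")
```

On a live host, pass the contents of /proc/net/route and /etc/ipsec.conf to `unresolved()` instead of the samples.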
----- Original Message -----
From: "Michael Dobeson" <dopey at cci.net.au>
To: "Jacco de Leeuw" <jacco2 at dds.nl>
Cc: <users at openswan.org>
Sent: Friday, November 12, 2004 10:14 AM
Subject: Re: [Openswan Users] Main Mode recieved not
authorized/Destinationhost unreachable
> Appended is my ipsec.conf. It's based on Nate Carlson's one size fits all
> roadwarrior config.
> I've noticed that I was having the same problem as Itai regarding
> "Destination host unreachable" until I altered the line
> interface=%defaultroute to interface="ipsec0=eth0"
> I've since found that you shouldn't use the latter on a 2.6+ kernel
>
> Regardless of the above config, in the /var/log/messages I keep receiving
> the error "%defaultroute requested but not known"
> I suppose this is all linked but I'm not sure where openswan pulls
> %defaultroute from.
>
> any suggestions would be awesome
> Michael
>
>
> version 2.0
>
> config setup
>     interfaces="ipsec0=eth1"
>     nat_traversal=yes
>     #klipsdebug=all
>     #plutodebug=all
>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> conn %default
>     keyingtries=1
>     compress=yes
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>
> conn roadwarrior-net
>     leftsubnet=(your_subnet)/(your_netmask)
>     also=roadwarrior
>
> conn roadwarrior
>     left=%defaultroute
>     leftcert=IPSEC.cci.net.au.pem
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     auto=add
>     pfs=yes
>
> conn roadwarrior-l2tp
>     pfs=no
>     leftprotoport=17/0
>     rightprotoport=17/1701
>     also=roadwarrior
>
> conn roadwarrior-l2tp-updatedwin
>     pfs=no
>     leftprotoport=17/1701
>     rightprotoport=17/1701
>     also=roadwarrior
>
> conn roadwarrior-all
>     leftsubnet=0.0.0.0/0
>     also=roadwarrior
>
>
>
>
> ----- Original Message -----
> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> To: <users at openswan.org>
> Sent: Thursday, November 11, 2004 6:39 PM
> Subject: Re: [Openswan Users] Main Mode recieved not authorized
>
>
>> On Thu, Nov 11, 2004 at 02:32:20PM +1100, Michael Dobeson wrote:
>>
>>> I'm setting up an IPSEC/L2TP VPN server for a private wireless network.
>>>
>>> >Nov 11 13:15:06 Mcrae pluto[9985]: packet from 192.168.1.3:500: initial
>>> >Main Mode message received on 192.168.1.253:500 but no connection has
>>> >been
>>> >authorized
>>
>> Have you checked /var/log/messages for error messages? Can the PSK/cert
>> be found? Perhaps you could post your ipsec.conf?
>>
>> Jacco
>> --
>> Jacco de Leeuw mailto:jacco2 at dds.nl
>> Zaandam, The Netherlands http://www.jacco2.dds.nl
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>
>
>