[Openswan Users] Main Mode received not authorized/Destination host unreachable

Michael Dobeson dopey at cci.net.au
Fri Nov 12 14:33:19 CET 2004


Apologies, I attached an old ipsec.conf to the last email. Here is the
current one:


version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        #klipsdebug=all
        #plutodebug=all
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.1.0/255.255.255.0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=IPSEC.cci.net.au.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

include /etc/ipsec.d/examples/no_oe.conf


Thanks
Michael


----- Original Message ----- 
From: "Michael Dobeson" <dopey at cci.net.au>
To: "Jacco de Leeuw" <jacco2 at dds.nl>
Cc: <users at openswan.org>
Sent: Friday, November 12, 2004 10:14 AM
Subject: Re: [Openswan Users] Main Mode received not
authorized/Destination host unreachable


> Appended is my ipsec.conf. It's based on Nate Carlson's one-size-fits-all
> roadwarrior config.
> I've noticed that I was having the same problem as Itai regarding
> "Destination host unreachable" until I altered the line
> interface=%defaultroute to interface="ipsec0=eth0"
> I've since found that you shouldn't use the latter on a 2.6+ kernel.
>
> Regardless of the above config, in /var/log/messages I keep receiving
> the error "%defaultroute requested but not known"
> I suppose this is all linked, but I'm not sure where openswan pulls
> %defaultroute from.
>
> Any suggestions would be awesome.
> Michael
>
>
> version 2.0
>
> config setup
>        interfaces="ipsec0=eth1"
>        nat_traversal=yes
>        #klipsdebug=all
>        #plutodebug=all
>        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> conn %default
>        keyingtries=1
>        compress=yes
>        disablearrivalcheck=no
>        authby=rsasig
>        leftrsasigkey=%cert
>        rightrsasigkey=%cert
>
> conn roadwarrior-net
>        leftsubnet=(your_subnet)/(your_netmask)
>        also=roadwarrior
>
> conn roadwarrior
>        left=%defaultroute
>        leftcert=IPSEC.cci.net.au.pem
>        right=%any
>        rightsubnet=vhost:%no,%priv
>        auto=add
>        pfs=yes
>
> conn roadwarrior-l2tp
>        pfs=no
>        leftprotoport=17/0
>        rightprotoport=17/1701
>        also=roadwarrior
>
> conn roadwarrior-l2tp-updatedwin
>        pfs=no
>        leftprotoport=17/1701
>        rightprotoport=17/1701
>        also=roadwarrior
>
> conn roadwarrior-all
>        leftsubnet=0.0.0.0/0
>        also=roadwarrior
>
>
>
>
> ----- Original Message ----- 
> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> To: <users at openswan.org>
> Sent: Thursday, November 11, 2004 6:39 PM
> Subject: Re: [Openswan Users] Main Mode received not authorized
>
>
>> On Thu, Nov 11, 2004 at 02:32:20PM +1100, Michael Dobeson wrote:
>>
>>> I'm setting up a IPSEC/L2TP VPN server for a private wireless network.
>>>
>>> >Nov 11 13:15:06 Mcrae pluto[9985]: packet from 192.168.1.3:500: initial
>>> >Main Mode message received on 192.168.1.253:500 but no connection has 
>>> >been
>>> >authorized
>>
>> Have you checked /var/log/messages for error messages? Can the PSK/cert
>> be found?  Perhaps you could post your ipsec.conf?
>>
>> Jacco
>> -- 
>> Jacco de Leeuw            mailto:jacco2 at dds.nl
>> Zaandam, The Netherlands  http://www.jacco2.dds.nl
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>
>
>



