[Openswan Users] no connection has been authorized

Rob Mokkink rob at mokkinksystems.com
Sun Aug 7 14:11:52 CEST 2005


I recently posted a lot of questions, but a lot of people don't understand my
testlab, so here's the explanation.

NOTE: Testlab is not connected to the INTERNET!!!!!!

Testlab:

Roadwarrior ------ gateway firewall (no deny rules, allows all) ------ openswan server

Roadwarrior IP address:      192.168.0.80
Gateway firewall external:   192.168.0.52
Gateway firewall internal:   10.0.0.2
Openswan server IP address:  10.0.0.1

Now my ipsec.conf:

version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    virtual_private=%v4:172.16.0.0/12,%v4:192.168.0.0/24

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn L2TP-CERT
    #
    # Use a certificate. Disable Perfect Forward Secrecy.
    #
    authby=rsasig
    pfs=no
    left=192.168.0.52
    leftnexthop=10.0.0.2
    leftsubnet=10.0.0.0/8
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/dsfw.redhatfw.org.pem
    leftsendcert=always
    leftprotoport=17/1701
    #
    # The remote user.
    #
    right=%any
    rightrsasigkey=%cert
    rightcert=/etc/ipsec.d/certs/pc01.redhatfw.org.pem
    #rightsubnet=192.168.1.0/24
    rightprotoport=17/1701
    #
    # Authorize this connection, and wait for connection from user.
    #
    auto=add
    keyingtries=3

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

CA is set up, and certificates are created for server and clients.

Now I get this in my log:

Aug  7 12:57:16 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
Aug  7 12:57:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Delete SA payload: not encrypted
Aug  7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug  7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug  7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug  7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [26244d38eddb61b3...]
Aug  7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
Aug  7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug  7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug  7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug  7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [26244d38eddb61b3...]
Aug  7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized

Who has the answer for me??

Thanks in advance.

Regards,

Rob
