[Openswan Users] no connection has been authorized
Rob Mokkink
rob at mokkinksystems.com
Sun Aug 7 14:11:52 CEST 2005
I recently posted a lot of questions, but a lot of people don't understand my
testlab, so here's the explanation.
NOTE: Testlab is not connected to the INTERNET!!!!!!
Testlab:
Roadwarrior ------ gateway firewall (no deny rules, allows all) ------ openswan server

Roadwarrior: ipaddress 192.168.0.80
Gateway firewall: external 192.168.0.52, internal 10.0.0.2
Openswan server: ipaddress 10.0.0.1
Now my ipsec.conf:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    virtual_private=%v4:172.16.0.0/12,%v4:192.168.0.0/24

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn L2TP-CERT
    #
    # Use a certificate. Disable Perfect Forward Secrecy.
    #
    authby=rsasig
    pfs=no
    left=192.168.0.52
    leftnexthop=10.0.0.2
    leftsubnet=10.0.0.0/8
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/dsfw.redhatfw.org.pem
    leftsendcert=always
    leftprotoport=17/1701
    #
    # The remote user.
    #
    right=%any
    rightrsasigkey=%cert
    rightcert=/etc/ipsec.d/certs/pc01.redhatfw.org.pem
    #rightsubnet=192.168.1.0/24
    rightprotoport=17/1701
    #
    # Authorize this connection, and wait for connection from user.
    #
    auto=add
    keyingtries=3

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
CA is set up and I created certificates for server and clients.
Now I get this in my log:
Aug 7 12:57:16 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
Aug 7 12:57:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Delete SA payload: not encrypted
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [26244d38eddb61b3...]
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor ID payload [26244d38eddb61b3...]
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
Who has the answer for me??
Thanks in advance.
Regards,
Rob
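
A cross-check of the log above against the configuration, as an added example that is not part of the original post or of Openswan: pluto looks up a connection by the local address the packet arrived on, so the script reports each rejected packet whose local address no conn names as left= or right=. It compares literal addresses only (an assumption; pluto also resolves %defaultroute and hostnames), and the function names are made up for this example.

```python
import re

# Constructed sample: trimmed from the ipsec.conf and pluto log in the post.
CONF = """\
conn %default
    authby=rsasig
conn L2TP-CERT
    left=192.168.0.52
    leftnexthop=10.0.0.2
    right=%any
    auto=add
"""
LOG = """\
Aug 7 12:57:16 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main
Mode message received on 10.0.0.1:500 but no connection has been authorized
"""
NO_CONN = re.compile(r"packet from (\S+):\d+: initial Main Mode message "
                     r"received on (\S+):\d+ but no connection has been authorized")

def parse_conns(text):
    """Return {conn_name: {option: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def unmatched_packets(conf_text, log_text):
    """Return sorted (peer, local_addr) pairs from 'no connection has been
    authorized' lines where no conn names local_addr as left= or right=."""
    conns = parse_conns(conf_text)
    default = conns.pop("%default", {})
    ends = set()
    for opts in conns.values():
        merged = {**default, **opts}            # conn options override %default
        ends.update(v for v in (merged.get("left"), merged.get("right")) if v)
    flat = " ".join(log_text.split())           # undo mail-archive line wrapping
    hits = {m.groups() for m in NO_CONN.finditer(flat)}
    return sorted(h for h in hits if h[1] not in ends)

if __name__ == "__main__":
    for peer, local in unmatched_packets(CONF, LOG):
        print(f"{peer} -> {local}: no conn has left= or right= set to {local}")
```

On the sample it reports the packet from 192.168.0.80 received on 10.0.0.1, because the only conn sets left=192.168.0.52 and right=%any.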