[Openswan Users] Road warrior issue

Thiago Campos tmclistas at uol.com.br
Wed Aug 31 20:08:52 CEST 2005


Jacco,

I read part of the list archive and made some corrections to my conf
files. Sorry, but I'm just starting to study VPNs. I want to use L2TP-over-IPsec
because I think it is easier to set up.

ipsec.conf

conn t4wroad
    authby=secret
    pfs=no
    left=192.168.0.2
    right=192.168.0.11
    auto=add

ipsec.secrets

192.168.0.2 192.168.0.11: PSK "blablabla"

Now I get a different error:

Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: responding to Main Mode
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.11'
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: I did not send a certificate because I do not have one.
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: sent MR3, ISAKMP SA established
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: cannot respond to IPsec SA request because no connection is known for 192.168.0.2:17/1701...192.168.0.11:17/1701


----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Wednesday, August 31, 2005 5:51 PM
Subject: Re: [Openswan Users] Road warrior issue


> Thiago Campos wrote:
>
>> My box is a Fedora 3 with openswan-2.3.1-1. I want it to be my VPN server
>> so that road warrior users can connect to my LAN.
>>
>> When I try to connect from my notebook to the server I get error 792;
>> on the server, /var/log/secure shows:
>>
>> Can't authenticate: no preshared key found for @meudominio.com.br and 
>> `%any'
>>
>> For the server configuration I followed the instructions from
>> http://wiki.openswan.org/index.php/Configuring
>> and for the Windows XP configuration I followed
>> http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html
>
> You are mixing two different VPN methods for Windows clients:
> plain IPsec and L2TP-over-IPsec. You will first have to decide
> which one(s) you want to support, and then fix your configuration.
>
>> Below are the configuration files of my server:
>>
>> /etc/ipsec.conf
>>
>> conn road
>>    left=192.168.0.2
>>    leftid=@meudominio.com.br
>>    leftsubnet=192.168.0.0/24
>>    leftrsasigkey=chave_do_servidor
>>    rightnexthop=%defaultroute
>>    right=%any
>>    rightid=@road.t4w.com.br
>>    auto=add
>>
>> Server's /etc/ipsec.secrets file
>>
>> # PSK key
>> 192.168.0.100: PSK "chave"
>
> This seems to be a configuration for plain IPsec. However,
> the IP address in left= does not match your /etc/ipsec.secrets.
>
> The 'error 792' you mentioned above seems to indicate that
> you wanted to use L2TP/IPsec on the Windows client. That
> won't work with the plain IPsec configuration.
>
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl 
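
Added example, not part of the original messages or of Openswan: a simplified Python model of the ID-based PSK lookup described in ipsec.secrets(5), run against the two ipsec.secrets entries posted in this thread with the IDs that appear in the logs. The names parse_psk_entries and select_psk are hypothetical, only one-line IPv4/FQDN entries are parsed, and the third entry is constructed for comparison.

```python
# Added example: simplified model of pluto's PSK lookup in ipsec.secrets.
import re

def norm(ident):
    # %any and 0.0.0.0 denote the same placeholder ID
    return "0.0.0.0" if ident == "%any" else ident

def parse_psk_entries(text):
    """Parse one-line entries of the form: [index ...]: PSK "secret"."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(r'^([^:"]*):\s*PSK\s+"([^"]*)"\s*$', line)
        if m:
            entries.append(([norm(i) for i in m.group(1).split()], m.group(2)))
    return entries

def select_psk(entries, local_id, peer_id):
    """Return the secret of the most specific matching entry, or None."""
    local_id, peer_id = norm(local_id), norm(peer_id)
    best_score, best_secret = -1, None
    for indices, secret in entries:
        if not indices:
            score = 0    # no index: matches any host and peer
        elif len(indices) == 1:
            score = 1 if indices[0] == local_id else -1   # peer not considered
        else:
            both = local_id in indices and peer_id in indices
            score = 2 if both else -1
        if score > best_score:
            best_score, best_secret = score, secret
    return best_secret

# Entries as posted in the thread (first and second configuration)
FIRST_SECRETS = '192.168.0.100: PSK "chave"\n'
SECOND_SECRETS = '192.168.0.2 192.168.0.11: PSK "blablabla"\n'
# Constructed entry (not from the thread), indexed by the IDs named in the log
CONSTRUCTED = '@meudominio.com.br %any: PSK "example-only"\n'

def demo():
    first = parse_psk_entries(FIRST_SECRETS)
    second = parse_psk_entries(SECOND_SECRETS)
    made_up = parse_psk_entries(CONSTRUCTED)
    return {
        "first": select_psk(first, "@meudominio.com.br", "%any"),
        "second": select_psk(second, "192.168.0.2", "192.168.0.11"),
        "constructed": select_psk(made_up, "@meudominio.com.br", "%any"),
    }

if __name__ == "__main__":
    for name, secret in demo().items():
        print(name, "->", "PSK found" if secret else "no preshared key found")
```

The first lookup finds nothing, which corresponds to the "no preshared key found" message quoted above; the second finds a key, which corresponds to the later log reaching "ISAKMP SA established".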


