[Openswan Users] Road warrior issue
Thiago Campos
tmclistas at uol.com.br
Wed Aug 31 20:08:52 CEST 2005
Jacco,
I read part of the list archive and made some corrections to my conf
files. Sorry, but I'm just starting to study VPNs. I want to use
L2TP-over-IPsec because I think it is easier to set up.
ipsec.conf

conn t4wroad
    authby=secret
    pfs=no
    left=192.168.0.2
    right=192.168.0.11
    auto=add

ipsec.secrets

192.168.0.2 192.168.0.11: PSK "blablabla"
Now I got a different error:
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring
Vendor ID payload [FRAGMENTATION]
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
floating is off
Aug 31 19:03:33 beetle pluto[10948]: packet from 192.168.0.11:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: responding to Main Mode
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 31 19:03:33 beetle pluto[10948]: "t4wroad" #2: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: Main mode peer ID is
ID_IPV4_ADDR: '192.168.0.11'
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: I did not send a
certificate because I do not have one.
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: sent MR3, ISAKMP SA
established
Aug 31 19:03:34 beetle pluto[10948]: "t4wroad" #2: cannot respond to IPsec
SA request because no connection is known for
192.168.0.2:17/1701...192.168.0.11:17/1701
----- Original Message -----
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Wednesday, August 31, 2005 5:51 PM
Subject: Re: [Openswan Users] Road warrior issue
> Thiago Campos wrote:
>
>> My box is Fedora 3 with openswan-2.3.1-1. I want it to be my VPN server
>> so that road warrior users can connect to my LAN.
>>
>> When I try to connect from my notebook to the server I get error 792;
>> on the server, /var/log/secure shows:
>>
>> Can't authenticate: no preshared key found for @meudominio.com.br and
>> `%any'
>>
>> For the server configuration I followed the instructions from
>> http://wiki.openswan.org/index.php/Configuring
>> and for the Windows XP configuration I followed
>> http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html
>
> You are mixing two different VPN methods for Windows clients:
> plain IPsec and L2TP-over-IPsec. You will first have to decide
> which one(s) you want to support, and then fix your configuration.
>
>> Above the configuration files of my server
>>
>> /etc/ipsec.conf
>>
>> conn road
>>     left=192.168.0.2
>>     leftid=@meudominio.com.br
>>     leftsubnet=192.168.0.0/24
>>     leftrsasigkey=chave_do_servidor
>>     rightnexthop=%defaultroute
>>     right=%any
>>     rightid=@road.t4w.com.br
>>     auto=add
>>
>> Server's /etc/ipsec.secrets file
>>
>> # PSK key
>> 192.168.0.100: PSK "chave"
>
> This seems to be a configuration for plain IPsec. However,
> the IP address in left= does not match your /etc/ipsec.secrets.
>
> The 'error 792' you mentioned above seems to indicate that
> you wanted to use L2TP/IPsec on the Windows client. That
> won't work with the plain IPsec configuration.
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl
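
An added example, not part of the original messages and not Openswan code: a small Python check that reads the selectors out of the pluto "no connection is known for" line in the log above and lists, per conn, which settings do not cover them. The conf text and log line are taken from the post; the function names are hypothetical, and the matching rule (exact protocol/port, with %any as a wildcard) is an assumed simplification of pluto's behaviour.

```python
import re

# Sample input taken from the post above (conn indentation restored).
IPSEC_CONF = """\
conn t4wroad
    authby=secret
    pfs=no
    left=192.168.0.2
    right=192.168.0.11
    auto=add
"""
LOG_LINE = ('"t4wroad" #2: cannot respond to IPsec SA request because no '
            'connection is known for '
            '192.168.0.2:17/1701...192.168.0.11:17/1701')

REQ = re.compile(r"no connection is known for (?P<left>[\d.]+):(?P<lpp>\d+/\d+)"
                 r"\.\.\.(?P<right>[\d.]+):(?P<rpp>\d+/\d+)")

def parse_conns(text):
    """Return {conn name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: '#' starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line opens a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def covers(setting, wanted):
    """Assumed rule: exact match, or %any for an address or a port."""
    if setting is None:                        # unset protoport = no selector
        return False
    return setting in (wanted, "%any", wanted.split("/")[0] + "/%any")

def diagnose(conf_text, log_line):
    """Per conn, list the settings needed to cover the requested selectors."""
    m = REQ.search(log_line)
    if m is None:
        return {}
    wanted = {"left": m["left"], "leftprotoport": m["lpp"],
              "right": m["right"], "rightprotoport": m["rpp"]}
    return {name: [f"{k}={v}" for k, v in wanted.items()
                   if not covers(conf.get(k), v)]
            for name, conf in parse_conns(conf_text).items()}

if __name__ == "__main__":
    print(diagnose(IPSEC_CONF, LOG_LINE))
```

For the conn in the post it reports leftprotoport and rightprotoport as the uncovered settings: the Windows client asks for UDP (protocol 17) port 1701 on both ends, and the conn declares no protocol/port selector.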