[Openswan Users] Help: no suitable connection for peer
Rodrigo
nobregasz at yahoo.com.br
Wed Feb 2 22:57:23 CET 2005
Hi, I'm trying to make a test LAN with a VPN gateway running
Openswan 2.3 with Debian woody.
This is my sample LAN:
Notebook(xp)          gw                       vpn gw (debian)                  desktop(xp)
10.10.2.154-----------10.10.1.200--------------10.10.1.231 / 192.168.0.1--------192.168.0.2
(dhcp)                                         eth0(dhcp) / eth1
My ipsec.conf:
version 2.0

config setup
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.0.0/255.255.255.0
    also=roadwarrior

conn roadwarrior
    left=eth1
    leftcert=teste.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes
My ipsec.secrets:
: RSA teste.key ""
I'm using Marcus Müller's ipsec.exe utility with Win XP
Prof SP2.
Here is the ipsec.conf from XP:
conn roadwarrior
    left=%any
    right=10.10.1.231
    rightca="C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br"
    network=auto
    auto=start
    pfs=yes

conn roadwarrior-net
    left=%any
    right=10.10.1.231
    rightsubnet=192.168.0.0/255.255.255.0
    rightca="C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br"
    network=auto
    auto=start
    pfs=yes
When I try to ping 192.168.0.1 or 192.168.0.2 or
10.10.1.321 from 10.10.2.154 I'm receiving "Negotiating
IP Security" and 100% packet loss.
I'm using
iptables -A INPUT -p 50 -j ACCEPT
iptables -A INPUT -p 51 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 51 -j ACCEPT
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
So, my gw log gives me (when I ping 192.168.0.2 from 10.0.2.154):
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 0
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: responding to Main Mode from unknown peer 10.10.2.154
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: transition from state (null) to state STATE_MAIN_R1
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:16 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:16 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:22 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:22 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:30 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:30 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:46 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:26:46 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br'
Feb 2 16:27:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: max number of retransmissions (2) reached STATE_MAIN_R2
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===?: deleting connection "packetdefault" instance with peer 10.10.2.154 {isakmp=#0/ipsec=#0}
Can anybody help me with this connection setup?
greets
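
Added example (not part of the original post): a small Python triage script for pluto logs in the format shown above. It groups lines by peer address and state number and reports the negotiations where a Peer ID was received but pluto logged "no suitable connection". The sample log, peer address and DN are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the pluto log format shown in the post (peer IP and DN are placeholders).
SAMPLE_LOG = '''\
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: responding to Main Mode from unknown peer 192.0.2.10
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: transition from state (null) to state STATE_MAIN_R1
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: Peer ID is ID_DER_ASN1_DN: 'C=XX,O=example,CN=roadwarrior'
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: no suitable connection for peer 'C=XX,O=example,CN=roadwarrior'
Feb 2 16:26:16 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: no suitable connection for peer 'C=XX,O=example,CN=roadwarrior'
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===? #5: max number of retransmissions (2) reached STATE_MAIN_R2
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...192.0.2.10===?: deleting connection "packetdefault" instance with peer 192.0.2.10
'''

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] .*?\.\.\.(?P<peer>[\d.]+)===\S*? #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION_RE = re.compile(r"transition from state \S+ to state (\S+)")
PEER_ID_RE = re.compile(r"Peer ID is (\w+): '(.*)'")
GAVE_UP_RE = re.compile(r"max number of retransmissions \(\d+\) reached (\S+)")

def triage(log_text):
    """Summarise each IKE negotiation (peer IP, state number) seen in a pluto log."""
    result = defaultdict(lambda: {"conn": None, "last_state": None, "peer_id": None, "no_conn": 0, "gave_up_in": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # vendor-ID lines, wrapped fragments and lines without a #N state number
        entry = result[(m["peer"], int(m["sa"]))]
        entry["conn"] = m["conn"]
        msg = m["msg"]
        if t := TRANSITION_RE.search(msg):
            entry["last_state"] = t.group(1)
        elif p := PEER_ID_RE.search(msg):
            entry["peer_id"] = (p.group(1), p.group(2))
        elif msg.startswith("no suitable connection for peer"):
            entry["no_conn"] += 1
        elif g := GAVE_UP_RE.search(msg):
            entry["gave_up_in"] = g.group(1)
    return dict(result)

def rejected_identities(summary):
    """Negotiations where the peer's ID was received but matched no configured conn."""
    return sorted((peer, e["peer_id"][1], e["no_conn"]) for (peer, _), e in summary.items() if e["no_conn"] and e["peer_id"])

if __name__ == "__main__":
    for row in rejected_identities(triage(SAMPLE_LOG)):
        print(row)
```

The DN each row reports is the identity the peer presented, which is the value to compare against the certificate and ID settings of the conn that was expected to match.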