[Openswan Users] Help: no suitable connection for peer
Paul Wouters
paul at xelerance.com
Thu Feb 3 14:39:15 CET 2005
On Wed, 2 Feb 2005, Rodrigo wrote:
>
> Notebook(xp)          gw              vpn gw (debian)                 desktop(xp)
> 10.10.2.154 ----- 10.10.1.200 ----- 10.10.1.231 / 192.168.0.1 ----- 192.168.0.2
> (dhcp)                              eth0(dhcp)  / eth1
>
> version 2.0
>
> config setup
> interfaces=%defaultroute
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You forgot nat_traversal=yes
You forgot to add an exclusion for your subnet from the net:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/24
> my ipsec.secrets
> : RSA teste.key ""
Does that work for an empty passphrase? I thought you just didn't need to add it to the file in that case?
> I'm using Marcus Müller's ipsec.exe utility with Win XP prof sp2.
Make sure the Windows firewall is off. I had issues where McAfee (antivirus) was
spamvertising I wasn't running a firewall (which I don't want indeed) but it didn't
recognise the new Windows builtin one (just its own brand I guess).
> conn roadwarrior
> left=%any
> right=10.10.1.231
> rightca="C=br,ST=paraiba,L=joao
> pessoa,O=teste,CN=teste,Email=nobregasz at yahoo.com.br
> <http://br.f149.mail.yahoo.com/ym/Compose?To=nobregasz@yahoo.com.br&YY=31559&order=down&sort=date&pos=0&view=a&head=b>"
Adding odd symbols in here is REALLY bad. Is this an email client mess up, or actually in your config?
> When I try to ping 192.168.0.1 or 192.168.0.2 or 10.10.1.321 from 10.10.2.154
> I'm receiving "Negotiating IP Security" and 100% packet loss.
Enable and check oakley.log.
> I'm using:
> iptables -A INPUT -p 50 -j ACCEPT
> iptables -A INPUT -p 51 -j ACCEPT
> iptables -A OUTPUT -p 50 -j ACCEPT
> iptables -A OUTPUT -p 51 -j ACCEPT
> iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
> iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
Add an accept for UDP 4500.
> Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
I'd very much like to know what string that vendor ID is, based on your oakley.log!
> Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0===...10.10.2.154===? #5: responding to Main Mode from unknown peer 10.10.2.154
That is because nat_traversal wasn't enabled.
Paul
--
"At best it is a theory, at worst a fantasy" -- Michael Crichton
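The three things Paul points out (no nat_traversal=yes, no exclusion of the local subnet from virtual_private, and no firewall rule for UDP 4500) are easy to check mechanically before starting pluto. The following lint script is an added example, not part of this thread and not an Openswan tool; the function names (parse_setup, check_setup, check_rules, lint) are my own, and the sample config and iptables rules embedded in it are copied from Rodrigo's post so the script reproduces exactly the findings above.

```python
"""Lint an Openswan ipsec.conf 'config setup' block and a set of iptables
rules for the road-warrior/NAT-T pitfalls raised in this thread.
Added example; helper names are assumptions, not Openswan's own API."""
import ipaddress
import re

# Sample input taken from the thread: Rodrigo's 'config setup' section.
SAMPLE_CONF = """\
version 2.0

config setup
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
"""

# Sample input taken from the thread: Rodrigo's iptables rules (one per line).
SAMPLE_RULES = """\
iptables -A INPUT -p 50 -j ACCEPT
iptables -A INPUT -p 51 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 51 -j ACCEPT
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
"""


def parse_setup(conf_text):
    """Return the key=value pairs of the 'config setup' section as a dict."""
    settings = {}
    in_setup = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A new 'config ...' or 'conn ...' header starts a new section.
        if re.match(r"^(config|conn)\s", line):
            in_setup = line == "config setup"
            continue
        if in_setup and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def check_setup(conf_text, local_subnet):
    """Findings for the config: NAT-T disabled, local subnet not excluded."""
    settings = parse_setup(conf_text)
    findings = []
    if settings.get("nat_traversal", "no").lower() != "yes":
        findings.append("nat_traversal=yes missing: NAT-T (UDP 4500) stays off")
    local = ipaddress.ip_network(local_subnet)
    entries = [e.strip() for e in settings.get("virtual_private", "").split(",")
               if e.strip()]
    covered = excluded = False
    for entry in entries:
        m = re.match(r"^%v4:(!?)(.+)$", entry)
        if not m:
            continue  # only IPv4 entries are examined here
        negated, net = m.group(1) == "!", ipaddress.ip_network(m.group(2))
        if negated and local.subnet_of(net):
            excluded = True
        elif not negated and local.subnet_of(net):
            covered = True
    if covered and not excluded:
        findings.append(f"virtual_private covers {local} but lacks %v4:!{local}")
    return findings


def check_rules(rules_text):
    """Findings for the firewall: UDP 4500 must be accepted in both chains."""
    findings = []
    for chain in ("INPUT", "OUTPUT"):
        ok = any(f"-A {chain} " in line and "-p udp" in line
                 and "4500" in line and "-j ACCEPT" in line
                 for line in rules_text.splitlines())
        if not ok:
            findings.append(f"{chain}: no ACCEPT for UDP 4500 (NAT-T encapsulation)")
    return findings


def lint(conf_text, rules_text, local_subnet):
    """Combine both checks; an empty list means none of the pitfalls apply."""
    return check_setup(conf_text, local_subnet) + check_rules(rules_text)


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_RULES, "192.168.0.0/24"):
        print("-", finding)
```

Run against the config and rules from the post it reports four findings: the missing nat_traversal, the missing %v4:!192.168.0.0/24 exclusion, and the absent UDP 4500 accept in each of INPUT and OUTPUT. The checks are deliberately textual (the script never calls iptables or reads /etc/ipsec.conf itself), so it can be run on a copy of the files from any machine.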