[Openswan Users] No preshared key found

tvsjr tvsjr at sprynet.com
Sat Jan 29 16:45:39 CET 2005


I'm working on configuring a new firewall. This machine will support road
warriors using Jacco de Leeuw's excellent L2TP-over-IPSec tutorial. The
machine is a commodity P3 with 3 network interfaces - WAN, LAN, and DMZ,
running Fedora Core 3. I've just installed Openswan 2.3.0. I'm using the
same config files as I was on a Fedora Core 2 box running, I believe, 2.2.0.

When I attempt a connection from a laptop on the DMZ, I see several errors
in /var/log/secure.

Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: Can't authenticate: no preshared key found for '192.168.222.1' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD.
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM.
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: no acceptable Oakley Transform
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: sending notification NO_PROPOSAL_CHOSEN to 192.168.222.50:500
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: deleting connection "DMZ" instance with peer 192.168.222.50 {isakmp=#0/ipsec=#0}

The connection in ipsec.conf is as follows:

conn DMZ
    authby=secret
    pfs=no
    left=192.168.222.1
    leftprotoport=17/0
    right=%any
    rightprotoport=17/1701
    auto=add
    keyingtries=3

And ipsec.secrets:

192.168.222.1 %any: PSK "thisisatest"

: RSA   {
            Blah, blah blah.

I've been playing with it for an hour, with no success. As I said, a similar
configuration was running just fine under an earlier version of Openswan.
Interestingly enough, using the Fedora Core 3 RPM for 2.3.0 available on the
website (downloaded today), I had to add the ignore statements for the OE
policy groups. I thought Openswan shipped with those already disabled. Is
this an issue with 2.3.0, or am I missing something?

Thanks,

Terry
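
Added example, not part of the original post: a small Python triage of the Pluto lines quoted above, grouping the rejection reasons by connection, peer and IKE state so the preshared-key lookup failure and the refused DES proposal show up as separate findings. The function name, the rule labels and the rejoined sample log are constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the Pluto lines quoted in the post, each rejoined onto one line.
SAMPLE_LOG = """\
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: Can't authenticate: no preshared key found for '192.168.222.1' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD.
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM.
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: no acceptable Oakley Transform
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: sending notification NO_PROPOSAL_CHOSEN to 192.168.222.50:500
Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: deleting connection "DMZ" instance with peer 192.168.222.50 {isakmp=#0/ipsec=#0}
"""

# Pluto prefix: "conn"[instance] peer #state: message
LINE = re.compile(
    r'[Pp]luto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
    r'#(?P<state>\d+): (?P<msg>.*)$'
)

# Hypothetical labels for the messages seen in the post; first matching rule wins.
RULES = [
    ("psk_missing", re.compile(r"no preshared key found for '([^']+)' and '([^']+)'")),
    ("unsupported_algorithm", re.compile(r"(OAKLEY_\w+) is not supported")),
    ("no_acceptable_transform", re.compile(r"no acceptable Oakley Transform")),
    ("notification_sent", re.compile(r"sending notification (\w+) to")),
]


def triage(log_text):
    """Return {(conn, peer, state): [(label, details), ...]} in log order."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection Pluto line
        for label, rule in RULES:
            hit = rule.search(m["msg"])
            if hit:
                key = (m["conn"], m["peer"], int(m["state"]))
                findings[key].append((label, hit.groups()))
                break
    return dict(findings)


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for label, details in items:
            print("   ", label, details)
```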

 

 

 
