[Openswan Users] No preshared key found
Jacco de Leeuw
jacco2 at dds.nl
Sun Jan 30 22:31:20 CET 2005
>> Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2: Can't
>> authenticate: no preshared key found for '192.168.222.1' and '%any'.
>> Attribute OAKLEY_AUTHENTICATION_METHOD.
>
> You didn't change IP addresses when you upgraded the machine? Odd
Perhaps Terry could try with right=<fixedIPaddress> first and then
later on switch to %any.
>> Jan 29 16:32:51 gatekeeper Pluto[6769]: "DMZ"[2] 192.168.222.50 #2:
>> OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM.
>
> Someone is asking 1DES and is being rejected. As it should be.
I have seen this lots of times when the peer could not be authenticated.
I don't know if this is specific to Windows, transport mode or L2TP/IPsec
or something, but it seems to be just a result of the previous
authentication problem.
> Change 192.168.222.50 to not request 1DES.
I don't think this is even configurable in the built-in Windows
client.
> why pfs=no? It's better to use pfs=yes
Sadly, the default policy of the Windows client is to reject PFS
(*insert conspiracy theory here*). See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#PFS
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
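
Added example, not part of the original message: a sketch of the fixed-address-first, `%any`-later approach suggested above, showing the `ipsec.secrets` index pair that corresponds to the lookup named in the log ('192.168.222.1' and '%any'). The connection layout (gateway as `left`, `authby=secret`, `auto=add`) is assumed, since the poster's configuration is not shown in the thread, and the secret is a placeholder.

```conf
# /etc/ipsec.conf (fragment; assumed layout, gateway taken as "left")
conn DMZ
        authby=secret
        # pfs=no because the built-in Windows client rejects PFS by default
        pfs=no
        left=192.168.222.1
        # Step 1: pin the peer to its fixed address while debugging
        right=192.168.222.50
        # Step 2: once step 1 authenticates, switch to any peer address
        #right=%any
        auto=add

# /etc/ipsec.secrets
# Pluto selects a PSK by the pair of indices in front of the colon.
# Step 1 (fixed peer address):
192.168.222.1 192.168.222.50 : PSK "PLACEHOLDER-long-random-secret"
# Step 2 (right=%any): the pair named in the log message.
# Every peer that connects this way shares this one secret.
#192.168.222.1 %any : PSK "PLACEHOLDER-long-random-secret"
```

After changing `ipsec.secrets`, reload it with `ipsec auto --rereadsecrets` before retrying the connection.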