[Openswan Users] Only single and initial connection permitted
Oliver Tomkins
oliver.tomkins at alliedvehicles.co.uk
Wed Jul 20 17:53:30 CEST 2005
Hi all,
Still having a problem with the first connection being the only one
that is able to connect.
Any of my three client machines can connect fine as long as they are the
first. I am assuming for now this means that the client configuration is
not the problem.
After the initial functioning connection is made, I try and connect one
of the others. I can see the SA being established and then 30 seconds
later (the default??) this:

Jul 20 13:47:22 mini pluto[18629]: "vpn"[12] xxx.xxx.xxx.xxx #2880: IPsec SA established {ESP=>0xb3870c3d <0xb250cccf}
Jul 20 13:47:57 mini pluto[18629]: | *received 68 bytes from xxx.xxx.xxx.xxx:500 on eth0
Jul 20 13:47:57 mini pluto[18629]: | received encrypted packet from xxx.xxx.xxx.xxx:500
Jul 20 13:47:57 mini pluto[18629]: "vpn"[12] xxx.xxx.xxx.xxx #2879: received Delete SA(0xb3870c3d) payload: deleting IPSEC State #2880
I've enabled the Windows 2000 client to log to the system log and it
basically says the same thing, and it doesn't get as far as the PPP stage,
so that remains empty.
ipsec.conf looks like this
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    #klipsdebug=all
    plutodebug=all
    uniqueids=no

# Add connections here
conn vpn
    type=tunnel
    pfs=no
    compress=yes
    auto=add
    left=%defaultroute
    leftrsasigkey=%cert
    leftcert=ipsec.alliedvehicles.co.uk.pem
    leftprotoport=17/1701
    #leftnexthop=62.173.65.78
    right=%any
    rightrsasigkey=%cert
    rightprotoport=17/1701
The client machines come to the firewall > to the IPSEC box where we use
DNAT & SNAT to rewrite the packets to the l2tpd box on the internal
subnet.
Also I can't quite seem to figure out how we can force a particular
client to use a certain connection definition??
Can anybody help?
Thanks,
Olly.
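The following is an added diagnostic helper, not part of the original post or of Openswan: it reads pluto log lines of the shape quoted above, pairs each "IPsec SA established" entry with the later "received Delete SA ... deleting IPSEC State #N" entry for the same state number, and reports the SA lifetime, which peer sent the Delete, and which SAs were still up when the log ends. That makes the pattern in the post (a second peer's SA torn down roughly 30 seconds after it comes up while the first peer's SA survives) visible at a glance across a long plutodebug=all log. The sample log lines, the 203.0.113.x peer addresses, the state numbers for the first peer and the 2005 year are all constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt in the post; addresses are
# RFC 5737 documentation addresses, not real peers.
SAMPLE_LOG = """\
Jul 20 13:46:50 mini pluto[18629]: "vpn"[11] 203.0.113.10 #2870: IPsec SA established {ESP=>0xa1111111 <0xa2222222}
Jul 20 13:47:22 mini pluto[18629]: "vpn"[12] 203.0.113.20 #2880: IPsec SA established {ESP=>0xb3870c3d <0xb250cccf}
Jul 20 13:47:57 mini pluto[18629]: | *received 68 bytes from 203.0.113.20:500 on eth0
Jul 20 13:47:57 mini pluto[18629]: | received encrypted packet from 203.0.113.20:500
Jul 20 13:47:57 mini pluto[18629]: "vpn"[12] 203.0.113.20 #2879: received Delete SA(0xb3870c3d) payload: deleting IPSEC State #2880
"""

TS = r"(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)"
CONN = r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>[\d.]+) '
ESTABLISHED = re.compile(
    TS + r" .*?" + CONN
    + r"#(?P<state>\d+): IPsec SA established "
    + r"\{ESP=>(?P<out_spi>0x[0-9a-f]+) <(?P<in_spi>0x[0-9a-f]+)\}")
DELETE = re.compile(
    TS + r" .*?" + CONN
    + r"#\d+: received Delete SA\((?P<spi>0x[0-9a-f]+)\) payload: "
    + r"deleting IPSEC State #(?P<state>\d+)")


def parse_ts(text, year):
    """Syslog timestamps carry no year; the caller supplies one (assumption)."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=year)


def analyse(log_text, year=2005, short_threshold_s=60):
    """Pair SA establishment with SA deletion by pluto state number.

    Returns (still_up, deleted): still_up maps state number -> SA info for
    SAs never deleted in the log; deleted is a list of per-deletion records
    with the computed lifetime and a short_lived flag.
    """
    still_up = {}
    deleted = []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            still_up[int(m["state"])] = {
                "conn": m["conn"], "instance": int(m["inst"]), "peer": m["peer"],
                "out_spi": m["out_spi"], "in_spi": m["in_spi"],
                "established": parse_ts(m["ts"], year),
            }
            continue
        m = DELETE.search(line)
        if not m:
            continue
        state = int(m["state"])
        info = still_up.pop(state, None)
        rec = {"state": state, "delete_from": m["peer"], "spi": m["spi"],
               "deleted": parse_ts(m["ts"], year),
               "lifetime_s": None, "short_lived": False, "established_peer": None}
        if info is not None:
            rec["lifetime_s"] = (rec["deleted"] - info["established"]).total_seconds()
            rec["short_lived"] = rec["lifetime_s"] < short_threshold_s
            rec["established_peer"] = info["peer"]
            # A Delete naming our outbound SPI came from the peer that owns
            # the other end of this SA, i.e. the remote side tore it down.
            rec["spi_matches_out"] = (m["spi"] == info["out_spi"])
        deleted.append(rec)
    return still_up, deleted


def report(log_text, year=2005):
    """Human-readable summary lines for the analysis of log_text."""
    still_up, deleted = analyse(log_text, year)
    lines = []
    for rec in deleted:
        life = "unknown" if rec["lifetime_s"] is None else f"{rec['lifetime_s']:.0f}s"
        flag = " SHORT-LIVED" if rec["short_lived"] else ""
        lines.append(f"state #{rec['state']} from {rec['established_peer']} "
                     f"deleted by {rec['delete_from']} after {life}{flag}")
    for state, info in sorted(still_up.items()):
        lines.append(f"state #{state} from {info['peer']} still up at end of log")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it over the full pluto log (with plutodebug=all, grep for "IPsec SA established" and "Delete SA" first to keep it small). If every SA except the first peer's shows up as SHORT-LIVED with the Delete arriving from the same address that established it, the tear-down is initiated by the client side rather than by pluto, which narrows down where to look next.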