[Openswan Users] Openswan and L2TP Problem!
Stanislav Nedelchev
stanislav.nedelchev at gmail.com
Tue Jun 7 13:53:26 CEST 2005
I made all of the changes in this e-mail and the result is
The peer that I'm trying is NAT-ed,
where
> 213.91.208.250 x.x.x.x: PSK "mysecret"
x.x.x.x is the client IP
Jun 7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun 7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: ignoring Vendor ID payload [FRAGMENTATION]
Jun 7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Jun 7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: initial Main Mode message received on 213.91.208.250:500 but no connection has been authorized with policy=PSK
On 6/7/05, Jacco de Leeuw <jacco2 at dds.nl> wrote:
>
> > it's made after zeroing of firewall rules; some rules are with zero bytes
> > traffic but it's not a problem.
>
> Don't forget to bring them back up as soon as possible.
>
> > virtual_private=%v4:192.168.0.0/24
>
> No, you want the exact opposite:
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/24
>
> > disablearrivalcheck=no
> > type=tunnel
> > keyexchange=ike
> > ikelifetime=240m
> > keylife=60m
>
> Could you comment the above out for the moment?
>
> > right=%any
>
> Could you use the IP address of the client here, i.e.
> right=x.x.x.x
>
> And also add the PSK:
> 213.91.208.250 x.x.x.x: PSK "mysecret"
>
> >>Did you clear rp_filter?
> >>echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>
> Any luck with this?
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl
>
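
Added example (not part of the original thread, and not Openswan's own code): a simplified Python model of how a virtual_private= list admits or rejects a NAT-ed client's internal address, comparing the one-entry value quoted above with the value Jacco recommends. It assumes 192.168.0.0/24 is the LAN behind the gateway; the client addresses are constructed samples.

```python
import ipaddress

# Values taken from the thread.
ORIGINAL = "%v4:192.168.0.0/24"
ADVISED = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
           "%v4:192.168.0.0/16,%v4:!192.168.0.0/24")

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry.startswith("%v4:"):
            continue  # this sketch only models IPv4 entries
        spec = entry[len("%v4:"):]
        if spec.startswith("!"):
            excluded.append(ipaddress.ip_network(spec[1:]))
        else:
            allowed.append(ipaddress.ip_network(spec))
    return allowed, excluded

def client_accepted(value, client):
    """True if the client's internal address or subnet lies inside an allowed
    range and not inside an excluded one (simplified model of the check)."""
    net = ipaddress.ip_network(client, strict=False)
    allowed, excluded = parse_virtual_private(value)
    if any(net.subnet_of(x) for x in excluded):
        return False
    return any(net.subnet_of(a) for a in allowed)

def compare(clients):
    """Return {client: (accepted with ORIGINAL, accepted with ADVISED)}."""
    return {c: (client_accepted(ORIGINAL, c), client_accepted(ADVISED, c))
            for c in clients}

# Constructed client-side addresses behind a NAT router.
SAMPLES = ["10.1.2.3/32", "192.168.1.50/32", "192.168.0.77/32"]

if __name__ == "__main__":
    for client, (orig, adv) in compare(SAMPLES).items():
        print(f"{client:18} original={orig!s:5} advised={adv}")
```

With the original value, only clients whose internal address collides with the gateway's own LAN are accepted; the advised value accepts the RFC 1918 ranges and rejects exactly that colliding range.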