[Openswan Users] Secret problem

Glenn MacGregor gtm at highstreetnetworks.com
Tue Mar 22 12:17:00 CET 2005


Hi Again,

I am testing the roadwarriors connection. I am using openswan 2.3.0 on RedHat 8
with a winXP client. My server config:

version 2.0

config setup
        klipsdebug=none
        plutodebug=control
        interfaces=%defaultroute
        uniqueids=yes

conn %default
        keyingtries=1
        disablearrivalcheck=no
        authby=secret

conn roadwarrior
        left=216.204.182.20
        leftnexthop=%defaultroute
        leftsubnet=192.168.0.0/255.255.255.0
        right=%any
        authby=secret
        auto=add

include /etc/ipsec.d/no_oe.conf

My ipsec.secret

216.204.182.20 %any : PSK "testconnection"

When I connect with my XP client I get these log messages:

Mar 22 12:00:34 lab-xpress6 pluto[15058]: | instantiated "roadwarrior" for
216.204.182.21
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | creating state object #2 at 0x80f9958
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | ICOOKIE:  a1 e6 30 32  37 0c eb 2c
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | RCOOKIE:  58 ba d3 0c  61 fd 4e 67
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | peer:  d8 cc b6 15
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | state hash entry 28
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2
Mar 22 12:00:34 lab-xpress6 pluto[15058]: "roadwarrior"[2] 216.204.182.21 #2:
responding to Main Mode from unknown peer 216.204.182.21
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | started looking for secret for
216.204.182.20->216.204.182.21 of kind PPK_PSK
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | actually looking for secret for
216.204.182.20->216.204.182.21 of kind PPK_PSK
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 1: compared PSK 0.0.0.0 to
216.204.182.20 / 216.204.182.21 -> 0
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 2: compared PSK 216.204.182.20 to
216.204.182.20 / 216.204.182.21 -> 4
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | concluding with best_match=0
best=(nil) (lineno=-1)
Mar 22 12:00:34 lab-xpress6 pluto[15058]: "roadwarrior"[2] 216.204.182.21 #2:
Can't authenticate: no preshared key found for `216.204.182.20' and `%any'. 
Attribute OAKLEY_AUTHENTICATION_METHOD


So looking at this it seems there is a problem matching %any (0.0.0.0). I tested
that theory by replacing %any with the ip of my XP laptop. I got in no problem.
Is there something wrong with my config/secret? I assume the %any is there to
match any incoming request since I am not going to know the address of the client.

Thanks

 Glenn





Glenn MacGregor
HighStreet Networks
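
Added example (not part of the original post, and not Openswan code): a Python script that rejoins the wrapped pluto debug lines quoted above and extracts the PSK lookup trace, so the per-entry match values and the final best_match can be read side by side. The regular expressions are assumptions based only on the line shapes visible in this log.

```python
import re

# Log excerpt copied from the post above, with the mailer's line wrapping kept.
SAMPLE = """\
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | started looking for secret for
216.204.182.20->216.204.182.21 of kind PPK_PSK
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 1: compared PSK 0.0.0.0 to
216.204.182.20 / 216.204.182.21 -> 0
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 2: compared PSK 216.204.182.20 to
216.204.182.20 / 216.204.182.21 -> 4
Mar 22 12:00:34 lab-xpress6 pluto[15058]: | concluding with best_match=0
best=(nil) (lineno=-1)
Mar 22 12:00:34 lab-xpress6 pluto[15058]: "roadwarrior"[2] 216.204.182.21 #2:
Can't authenticate: no preshared key found for `216.204.182.20' and `%any'.
"""

# Assumed syslog prefix shape, taken from the lines above.
PREFIX = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ pluto\[\d+\]: ")

def unwrap(text):
    """Rejoin wrapped records: a line without the syslog prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line):
            records.append(PREFIX.sub("", line).strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def psk_lookup_trace(text):
    """Collect what pluto logged about one PSK lookup: request, candidates, outcome."""
    trace = {"wanted": None, "candidates": [], "best_match": None,
             "selected": False, "error": None}
    for rec in unwrap(text):
        if m := re.search(r"started looking for secret for (\S+)->(\S+) of kind (\S+)", rec):
            trace["wanted"] = m.groups()            # (local, peer, kind)
        elif m := re.search(r"(\d+): compared PSK (\S+) to \S+ / \S+ -> (\d+)", rec):
            trace["candidates"].append((int(m[1]), m[2], int(m[3])))  # (index, id, match value)
        elif m := re.search(r"concluding with best_match=(\d+) best=(\S+)", rec):
            trace["best_match"] = int(m[1])
            trace["selected"] = m[2] != "(nil)"     # (nil) means no entry was chosen
        elif m := re.search(r"no preshared key found for `([^']+)' and `([^']+)'", rec):
            trace["error"] = (m[1], m[2])
    return trace

if __name__ == "__main__":
    t = psk_lookup_trace(SAMPLE)
    print("wanted:", t["wanted"])
    for idx, ident, value in t["candidates"]:
        print(f"  entry id {idx}: {ident} -> match value {value}")
    print("best_match:", t["best_match"], "selected:", t["selected"], "error:", t["error"])
```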
