[Openswan Users] Secret problem
Felipe Piccirilo
piccirilo at gruponet.com.br
Tue Mar 22 14:29:39 CET 2005
As far as I know, you can't put %any in your ipsec.secret. Try using rightid=@host.domain.com in your ipsec.conf and then use an ipsec.secret entry like:
216.204.182.20 @host.domain.com : PSK "testconnection"
on both sides.
That should solve the problem.
[]s
On Tue, 22 Mar 2005 12:17:00 -0500
Glenn MacGregor <gtm at highstreetnetworks.com> wrote:
> Hi Again,
>
> I am testing the roadwarriors connection. I am using openswan 2.3.0 on RedHat 8
> with a winXP client. My server config:
>
> version 2.0
>
> config setup
>     klipsdebug=none
>     plutodebug=control
>     interfaces=%defaultroute
>     uniqueids=yes
>
> conn %default
>     keyingtries=1
>     disablearrivalcheck=no
>     authby=secret
>
> conn roadwarrior
>     left=216.204.182.20
>     leftnexthop=%defaultroute
>     leftsubnet=192.168.0.0/255.255.255.0
>     right=%any
>     authby=secret
>     auto=add
>
> include /etc/ipsec.d/no_oe.conf
>
> My ipsec.secret
>
> 216.204.182.20 %any : PSK "testconnection"
>
> When I connect with my XP client get these log messages
>
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | instantiated "roadwarrior" for
> 216.204.182.21
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | creating state object #2 at 0x80f9958
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | ICOOKIE: a1 e6 30 32 37 0c eb 2c
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | RCOOKIE: 58 ba d3 0c 61 fd 4e 67
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | peer: d8 cc b6 15
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | state hash entry 28
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #2
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: "roadwarrior"[2] 216.204.182.21 #2:
> responding to Main Mode from unknown peer 216.204.182.21
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | started looking for secret for
> 216.204.182.20->216.204.182.21 of kind PPK_PSK
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | actually looking for secret for
> 216.204.182.20->216.204.182.21 of kind PPK_PSK
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 1: compared PSK 0.0.0.0 to
> 216.204.182.20 / 216.204.182.21 -> 0
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | 2: compared PSK 216.204.182.20 to
> 216.204.182.20 / 216.204.182.21 -> 4
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: | concluding with best_match=0
> best=(nil) (lineno=-1)
> Mar 22 12:00:34 lab-xpress6 pluto[15058]: "roadwarrior"[2] 216.204.182.21 #2:
> Can't authenticate: no preshared key found for `216.204.182.20' and `%any'.
> Attribute OAKLEY_AUTHENTICATION_METHOD
>
>
> So looking at this it seems there is a problem matching %any (0.0.0.0). I tested
> that theory by replacing %any with the ip of my XP laptop. I got in no problem.
> Is there something wrong with my config/secret? I assume the %any is there to
> match any incoming request since I am not going to know the address of the client.
>
> Thanks
>
> Glenn
>
> Glenn MacGregor
> HighStreet Networks
>