[Openswan Users] Again: "no connection is known for..."
Piero Filippin
filippinp at yahoo.co.uk
Wed Mar 30 12:18:18 CEST 2005
It is a shame that on the IPCop mailing list there is no one supporting me about VPNs... Sorry to bother you about something that seems an IPCop problem (I think that IPCop writes the ipsec config wrong, this is not a "bug" or a "problem" with openswan).
I had to change the IPCop-created connection:
· Removed the "leftsubnet" line (that doesn't look good, now where can I set up which network the VPN gives access to?? - will the l2tpd handle this?)
· Added "pfs=no" - I don't know what this means, but if not, pluto complains about pfs; now it's happy
· Added the two proto/port lines
config setup
    interfaces=ipsec0=eth2
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/255.255.255.0,%v4:!192.168.1.0/255.255.255.0

conn %default
    keyingtries=0
    disablearrivalcheck=no

conn Laptop
    left=192.168.1.100
    leftcert=/var/ipcop/certs/hostcert.pem
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=%any
    rightsubnet=vhost:%no,%priv
    rightcert=/var/ipcop/certs/Laptopcert.pem
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=rsasig
    auto=add
    pfs=no
Now it looks like the connection is established... Note that if I touch the IPCop VPN web configuration, that will overwrite ipsec.conf, so I think I will have to modify the web scripts.
Mar 30 10:04:13 ipcop pluto[9156]: packet from 192.168.1.108:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 30 10:04:13 ipcop pluto[9156]: packet from 192.168.1.108:500: ignoring Vendor ID payload [FRAGMENTATION]
Mar 30 10:04:13 ipcop pluto[9156]: packet from 192.168.1.108:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 30 10:04:13 ipcop pluto[9156]: packet from 192.168.1.108:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: responding to Main Mode from unknown peer 192.168.1.108
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: transition from state (null) to state STATE_MAIN_R1
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=UK, O=Initiative, CN=Piero Laptop'
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #1: sent MR3, ISAKMP SA established
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #2: responding to Quick Mode
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #2: transition from state (null) to state STATE_QUICK_R1
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 30 10:04:13 ipcop pluto[9156]: "Laptop"[1] 192.168.1.108 #2: IPsec SA established
The last line looks like a "good one", but Windows still does not realize it and times out after a while... Time to set up l2tpd, I think...
Any comment?
Piero
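
Added example, not part of the original message and not IPCop or Openswan code: the message notes that the web interface overwrites ipsec.conf, so this check reports which of the three manual edits listed above are missing from a conn after the file has been regenerated. It parses only the config/conn layout shown in the message; the REGENERATED sample and its leftsubnet value are constructed.

```python
import re

# The manual edits listed in the post. None means the key must be absent.
REQUIRED = {"leftprotoport": "17/1701", "rightprotoport": "17/1701",
            "pfs": "no", "leftsubnet": None}

def parse_ipsec_conf(text):
    """Return {"conn Laptop": {key: value}, ...} for config/conn sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        header = re.match(r"^(config|conn)\s+(\S+)$", line)
        if header:
            current = sections.setdefault(" ".join(header.groups()), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def missing_l2tp_edits(text, conn):
    """List the ways `conn` differs from the hand-edited version in the post."""
    sections = parse_ipsec_conf(text)
    if f"conn {conn}" not in sections:
        return [f"conn {conn} not found"]
    # Values from conn %default apply unless the conn overrides them.
    effective = {**sections.get("conn %default", {}), **sections[f"conn {conn}"]}
    problems = []
    for key, want in REQUIRED.items():
        have = effective.get(key)
        if want is None and have is not None:
            problems.append(f"{key}={have} is set, expected the line removed")
        elif want is not None and have != want:
            problems.append(f"{key}={have or '<unset>'}, expected {want}")
    return problems

# Constructed sample: a conn as it might look after being regenerated
# without the edits (the leftsubnet value is made up for the example).
REGENERATED = """
conn %default
    keyingtries=0
conn Laptop
    left=192.168.1.100
    leftsubnet=192.168.0.0/255.255.255.0
    right=%any
    authby=rsasig
    auto=add
"""

if __name__ == "__main__":
    for problem in missing_l2tp_edits(REGENERATED, "Laptop"):
        print("Laptop:", problem)
```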