No connection has been authorized was: Re: [Openswan Users]payloadproblem

sasa sasa at shoponweb.it
Thu Nov 17 14:21:47 CET 2005


Hi,
I can to add then I kill tunnel after of this the vpn connection is good

#ipsec auto --down sedeprinsedesecond
#ipsec auto --delete sedeprinsedesecond
#service ipsec restart

.. and if I don't stop a ping from clients bheind the two VPN end-point, the 
vpn connction not dead never and always functionally ! but however also when 
the ping is ok I have in the log:

>>Nov 16 10:45:45 fw4 pluto[3936]: packet from 1.2.3.5:500: initial Main 
>>Mode message received on 5.6.7.8:500 but no connection has been authorized

.. and I have always:

> Checking tun0x1002 at 1.2.3.4 from 10.0.0.0/24 to 192.168.1.0/24 [FAILED]

??
thanks !!

------
Salvatore.


----- Original Message ----- 
From: "sasa" <sasa at shoponweb.it>
To: "Paul Wouters" <paul at xelerance.com>
Cc: <users at openswan.org>
Sent: Thursday, November 17, 2005 1:46 PM
Subject: Re: No connection has been authorized was: Re: [Openswan 
Users]payloadproblem


> Hi, I am becoming crazy with this vpn !..
> the ipsec connection is up in fact:
>
>>#2: "sedeprinsedesecond":500 STATE_QUICK_I2 (sent QI2, IPsec SA 
>>established); EVENT_SA_REPLACE in 23056s; newest IPSEC; eroute owner
>
> ..but I have an error message:
>
>>Nov 16 10:45:45 fw4 pluto[3936]: packet from 1.2.3.5:500: initial Main 
>>Mode message received on 5.6.7.8:500 but no connection has been authorized
>
> ..now because I have a connection not authorized ? .. the ip address 
> 1.2.3.5 is router address and isn't pubblic address on fw/vpn, in fact the 
> ipsec.conf I have:
>
> #public ip on fw/vpn
> left=1.2.3.4
> leftsubnet=192.168.1.0/24
> #public ip on router (gw for fw/vpn)
> leftnexthop=1.2.3.5
> #public ip on fw/vpn
> right=5.6.7.8
> leftsubnet=10.0.0.0/24
> #public ip on router (gw for fw/vpn)
> rightnexthop=5.6.7.9
>
> ..the vpn connection (when log file say not authorized) it would not have 
> to make reference to 1.2.3.4 ?? and not to 1.2.3.5 !!
> in fact:
>
> #ipsec whack --status
> ...
> 000 "sedeprinsedesecond":
> 10.0.0.0/24===5.6.7.8[@5.6.7.8.f5.ngi.it]---5.6.7.9...1.2.3.5---1.2.3.4[@1.2.3.4.f5.ngi.it]===192.168.1.0/24;
>
> thanks again.
>
> ------
> Salvatore. 



More information about the Users mailing list