[Openswan Users] Problem with conn road

sasa sasa at shoponweb.it
Fri Oct 28 16:40:10 CEST 2005


Hi, after rebooting the ipsec/l2tpd services, I now have this in the log file:

Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: Can't authenticate: no preshared key found for `x.x.x.x' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Oct 28 15:20:46 test2 last message repeated 2 times
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: no acceptable Oakley Transform
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: sending notification NO_PROPOSAL_CHOSEN to 213.45.198.178:500
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178 #2: failed to build notification for spisize=0
Oct 28 15:20:46 test2 pluto[6436]: "left-road"[2] 213.45.198.178: deleting connection "left-road" instance with peer 213.45.198.178 {isakmp=#0/ipsec=#0}
Oct 28 15:20:48 test2 pluto[6436]: packet from 213.45.198.178:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 28 15:20:48 test2 pluto[6436]: packet from 213.45.198.178:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 28 15:20:48 test2 pluto[6436]: packet from 213.45.198.178:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off

..but in /etc/ipsec.secrets I have:

x.x.x.x  %any  :  PSK "123456789"
: RSA {
      # RSA 2192 bits   test2   Thu Oct 20 15:01:28 2005
      # for signatures only, UNSAFE FOR ENCRYPTION
      #pubkey=........

..and on the XP client (IPSec Setting) I have written the same key.
In the ipsec.conf I have:

conn %default
      authby=secret

conn left-road
  auto=add
  authby=secret
  pfs=no
  type=transport
...

Still thanks.

        Salvatore.

----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Friday, October 28, 2005 1:43 PM
Subject: Re: [Openswan Users] Problem with conn road


> sasa wrote:
> 
> > Hi, I have a problem with road connection from winXP to openswan.
> 
> What is the problem?
> 
> > In the log file I have:
> 
> [snip -- looks normal]
> 
> > [global]
> > listen-addr = 192.168.0.180
> > 
> > ..where is my error ?
> 
> That's what I'm wondering too. The only thing that I can think of
> is that you don't see an L2TP connection. l2tpd is listening on the
> internal interface. Are you using KLIPS or NETKEY? If you are using
> KLIPS you will have to add a DNAT rule. If you are using NETKEY, l2tpd
> should be listening on the external interface instead and you should
> probably use iptables to "mark" the packets. See also:
> 
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#listen-addr
> 
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>                      Mosquitos suck
> 

