[Openswan Users] Road Warrior users and PSK

Wed Sep 14 17:17:01 CEST 2005

Hi,

I want to set up a vpn using PSK with road warrior users (Win XP)
Whe i asign and IP to the right side on my server i can connect perfect, but 
whe i asign %any i get the following error:

ipsec.conf

conn test
    authby=secret
    pfs=no
    left=172.17.33.2
    leftprotoport=17/1701
    right=0.0.0.0
    rightprotoport=17/1701
    auto=add

ipsec.secrets

172.17.33.2 0.0.0.0: PSK "phase"

chap-secrets

# client        server  secret                  IP addresses
user             *        123456                0.0.0.0


The output

Sep 14 16:12:42 sbf-vpn pluto[4807]: packet from 172.17.33.16:500: ignoring 
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 14 16:12:42 sbf-vpn pluto[4807]: packet from 172.17.33.16:500: ignoring 
Vendor ID payload [FRAGMENTATION]
Sep 14 16:12:42 sbf-vpn pluto[4807]: packet from 172.17.33.16:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port 
floating is off
Sep 14 16:12:42 sbf-vpn pluto[4807]: packet from 172.17.33.16:500: ignoring 
Vendor ID payload [Vid-Initial-Contact]
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: 
responding to Main Mode from unknown peer 172.17.33.16
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: Can't 
authenticate: no preshared key found for `172.17.33.2' and `%any'. 
Attribute OAKLEY_AUTHENTICATION_METHOD
Sep 14 16:12:42 sbf-vpn last message repeated 2 times
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: 
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: 
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: no 
acceptable Oakley Transform
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: sending 
notification NO_PROPOSAL_CHOSEN to 172.17.33.16:500
Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16: deleting 
connection "sbfroad" instance with peer 172.17.33.16 {isakmp=#0/ipsec=#0}