[Openswan Users] Road Warrior users and PSK

Thiago Campos tmclistas at uol.com.br
Wed Sep 14 17:52:32 CEST 2005


Andy,

Thanks! I solved this issue by doing

ipsec.conf

right=%any

ipsec.secrets

172.17.33.2: PSK "phase"

It appears to connect but disconnects in 1 second.

Sep 14 16:47:05 sbf-vpn pluto[5071]: packet from 172.17.33.16:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 14 16:47:05 sbf-vpn pluto[5071]: packet from 172.17.33.16:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 14 16:47:05 sbf-vpn pluto[5071]: packet from 172.17.33.16:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Sep 14 16:47:05 sbf-vpn pluto[5071]: packet from 172.17.33.16:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: responding to Main Mode from unknown peer 172.17.33.16
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: Main mode peer ID is ID_IPV4_ADDR: '172.17.33.16'
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: I did not send a certificate because I do not have one.
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: responding to Quick Mode {msgid:555fcf26}
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 14 16:47:07 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 14 16:47:07 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: STATE_QUICK_R2: IPsec SA established {ESP=>0xbccf4317 <0x77eb5079 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: received Delete SA(0xbccf4317) payload: deleting IPSEC State #6
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: received and ignored informational message
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: received Delete SA payload: deleting ISAKMP State #5
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16: deleting connection "sbfroad" instance with peer 172.17.33.16 {isakmp=#0/ipsec=#0}
Sep 14 16:47:08 sbf-vpn pluto[5071]: packet from 172.17.33.16:500: received and ignored informational message
----- Original Message ----- 
From: "Andy" <fs at globalnetit.com>
To: "Thiago Campos" <tmclistas at uol.com.br>
Cc: <users at openswan.org>
Sent: Wednesday, September 14, 2005 4:41 PM
Subject: Re: [Openswan Users] Road Warrior users and PSK


> On Wed, 2005-09-14 at 16:17 -0300, Thiago Campos wrote:
>
>> ipsec.secrets
>>
>> 172.17.33.2 0.0.0.0: PSK "phase"
>>
> Try making that just:
> 172.17.33.2 : PSK "phase"
> or
> 172.17.33.2 %any: PSK "phase"
>
> Remember to do 'ipsec auto --rereadsecrets' if you change that file!
>
> The manpage for ipsec.secrets does say "Currently, the obsolete notation
> 0.0.0.0 may be used in place of %any". Maybe that's not true any more?
>
>> Sep 14 16:12:42 sbf-vpn pluto[4807]: "sbfroad"[7] 172.17.33.16 #7: Can't
>> authenticate: no preshared key found for `172.17.33.2' and `%any'.
>> Attribute OAKLEY_AUTHENTICATION_METHOD
>
> 
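
Added example, not part of the original post or of Openswan: a Python check that reads pluto log lines like the ones in this message and reports SAs the peer deleted within a few seconds of establishment, the pattern visible here (IPsec SA #6 established at 16:47:07, Delete SA received at 16:47:08). The function name, the regexes and the 5-second threshold are assumptions; the sample lines are copied from the log above with the mail wrapping removed.

```python
import re
from datetime import datetime

# Four lines copied from the log in this message, one event per line.
SAMPLE = """\
Sep 14 16:47:05 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Sep 14 16:47:07 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #6: STATE_QUICK_R2: IPsec SA established {ESP=>0xbccf4317 <0x77eb5079 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: received Delete SA(0xbccf4317) payload: deleting IPSEC State #6
Sep 14 16:47:08 sbf-vpn pluto[5071]: "sbfroad"[3] 172.17.33.16 #5: received Delete SA payload: deleting ISAKMP State #5
"""

# timestamp, connection name, peer address, state number (#N), message text
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
ESTABLISHED = re.compile(r'(ISAKMP|IPsec) SA established')
DELETED = re.compile(r'received Delete SA.*deleting (ISAKMP|IPSEC) State #(\d+)')


def short_lived_sas(text, max_age=5):
    """Return (conn, peer, kind, state, age_seconds) for every SA that the
    peer deleted within max_age seconds of its establishment."""
    up, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a "#N" state number are not tracked
        stamp, conn, peer, state, msg = m.groups()
        # syslog stamps carry no year; only differences between them are used
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        if ESTABLISHED.search(msg):
            up[(peer, state)] = when
        d = DELETED.search(msg)
        if d and (peer, d.group(2)) in up:
            age = (when - up.pop((peer, d.group(2)))).total_seconds()
            if age <= max_age:
                findings.append((conn, peer, d.group(1).upper(), int(d.group(2)), age))
    return findings


if __name__ == "__main__":
    for conn, peer, kind, state, age in short_lived_sas(SAMPLE):
        print(f"{conn} {peer}: {kind} SA #{state} deleted by peer after {age:.0f}s")
```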


