[Openswan Users] stuck at Negotiating IP Security.
darkrealm
darkrealm.drjj at gmail.com
Fri Sep 16 01:41:42 CEST 2005
I now also see this:
Sep 16 00:31:17 darkrealm pluto[2196]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
But I don't understand why it isn't authorized....
I've even added my IP itself to the row of IPs and I've done
everything I could think of to my config files.
I now have these config files:
Linux server - /etc/ipsec.conf
version 2.0

config setup
    interfaces="ipsec0=eth0"
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=darkrealm.key
    rightrsasigkey=darkrealm.key
    auto=ignore

#conn roadwarrior-net
#    leftsubnet=255.255.255.0

conn roadwarrior-net
    also=roadwarrior

conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/%any
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-all
    also=roadwarrior

#conn roadwarrior-l2tp-updatedwin
#    pfs=no
#    leftprotoport=17/1701
#    rightprotoport=17/1701
#    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=darkrealm.pem
    right=%any
    auto=add
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

include /etc/ipsec.d/examples/no_oe.conf

client windows XP box ipsec.conf
left=%any
right=192.168.2.101
rightca="C=NL, S=NH, L=AP, O=My Company Ltd, CN=darkrealm, E=info at darkrealm.nl
network=auto
auto=start
pfs=yes
#conn roadwarrior-net
# left=%any
# right=192.168.2.101
# rightsubnet=255.255.255.0
# rightca="C=NL, S=NH, L=AP, O=My Company Ltd, CN=darkrealm, E=info at darkrealm.nl
# network=auto
# auto=start
# pfs=yes
And the 'complete' log:
Sep 16 00:40:57 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 00:40:57 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
set to=106
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
set to=106
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:25 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 00:41:25 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 00:41:25 darkrealm pluto[4004]: packet from 192.168.2.100:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
set to=106
Sep 16 00:41:25 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 00:41:25 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:47 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Delete SA payload: not encrypted
Sep 16 00:41:47 darkrealm pluto[4004]: packet from 192.168.2.100:500:
received and ignored informational message
As you can see, it kind of repeats itself.
If anybody could please give me some help I would be very grateful.
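
For triage, the repeated rejection in the log above can be counted per peer with a short script. This is an added example, not part of the original post and not Openswan code; the function names `unwrap` and `summarize` are made up for illustration, and the sample input is an excerpt of the log lines in the post.

```python
import re
from collections import defaultdict

# Excerpt of the log in the post, left hard-wrapped as it appears in the mail.
SAMPLE_LOG = """\
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
set to=106
Sep 16 00:41:01 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:09 darkrealm pluto[4004]: packet from 192.168.2.100:500:
initial Main Mode message received on 192.168.2.101:500 but no
connection has been authorized
Sep 16 00:41:47 darkrealm pluto[4004]: packet from 192.168.2.100:500:
ignoring Delete SA payload: not encrypted
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
RECORD = re.compile(r"pluto\[\d+\]: packet from (?P<peer>[\d.]+):(?P<port>\d+): (?P<msg>.*)$")
REJECT = re.compile(r"initial Main Mode message received on (?P<local>\S+) but no connection has been authorized")
VENDOR = re.compile(r"Vendor ID payload \[(?P<vid>[^\]]+)\]")

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Per peer IP: rejected Main Mode attempts, local endpoints hit, vendor IDs offered."""
    peers = defaultdict(lambda: {"rejected": 0, "local": set(), "vendor_ids": set()})
    for m in filter(None, map(RECORD.search, unwrap(text))):
        entry = peers[m["peer"]]
        reject, vendor = REJECT.search(m["msg"]), VENDOR.search(m["msg"])
        if reject:
            entry["rejected"] += 1
            entry["local"].add(reject["local"])
        if vendor:
            entry["vendor_ids"].add(vendor["vid"])
    return dict(peers)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
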