[Openswan Users]

Paul Wouters paul at xelerance.com
Wed Aug 9 11:46:01 EDT 2006


On Wed, 9 Aug 2006, Greg wrote:

> 	I've changed the parameter with my public IP then my private IP, I've
> got the same log

It needs to be the IP that is *on* the box, not the IP of the NAT gateway
in front of it. Also, if your openswan box is NAT'ed, you need to exclude
its local LAN range from virtual_private, and clients behind NAT on the
same range cannot connect.

> I think that will use the hammer on me

Hammers were mostly for ipsec passthrough devices :)

It saves a lot of time (and money) to give a VPN server its own public IP
address. It's really worth an extra DSL line.

Paul

> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> Aug  9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Aug  9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: initial
> Main Mode message received on 192.168.0.4:500 but no connection has been
> authorized
> Aug  9 07:47:11 darko pluto[8695]: packet from 80.10.28.185:500: ignoring
> Delete SA payload: not encrypted
> Aug  9 07:47:11 darko pluto[8695]: packet from 80.10.28.185:500: received
> and ignored informational message
>
> Thanks,
>
> GD
>
> > -----Original Message-----
> > From: Paul Wouters [mailto:paul at xelerance.com]
> > Sent: Tuesday, 8 August 2006 23:59
> > To: Greg
> > Cc: users at openswan.org
> > Subject: RE: [Openswan Users]
> >
> > On Tue, 8 Aug 2006, Greg wrote:
> >
> > > conn roadwarrior-l2tp
> > >         left=%defaultroute
> > >         leftcert=/etc/ipsec.d/certs/cert.pem
> > >         leftprotoport=17/1701
> > >         right=%any
> >
> > You cannot use both %defaultroute and %any, because then openswan
> > cannot determine if it is left or right.
> > Since this is the server end, I assume that you know the IP for left=
> >
> > > Aug  8 23:17:01 darko pluto[4751]: packet from 90.95.19.131:500: initial
> > > Main Mode message received on 192.168.0.4:500 but no connection has been
> > > authorized
> >
> > That's because of the reasons above.
> >
> > Paul
> > --
> > Building and integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
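
The three points made in this thread (left= must be an address on the box, the box's own LAN must be excluded from virtual_private, and left/right cannot both be wildcards), as a small ipsec.conf check. This is an added example, not code from the thread or from the Openswan project; the config setup lines, the /24 LAN mask and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the conn quoted in the thread plus an assumed config setup.
SAMPLE_CONF = """\
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn roadwarrior-l2tp
        left=%defaultroute
        leftcert=/etc/ipsec.d/certs/cert.pem
        leftprotoport=17/1701
        right=%any
"""

def parse(text):
    """Return {section: {key: value}}; 'config setup' is stored under 'setup'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():          # section header at column 0
            current = sections.setdefault(line.split()[-1], {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint(text, local_ifaces):
    """local_ifaces: CIDRs configured on the box itself, e.g. ['192.168.0.4/24']."""
    conf, findings = parse(text), []
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
    vp = conf.get("setup", {}).get("virtual_private", "")
    allowed = [ipaddress.ip_network(n) for n in re.findall(r"%v4:([\d./]+)", vp)]
    excluded = [ipaddress.ip_network(n) for n in re.findall(r"%v4:!([\d./]+)", vp)]
    for lan in (i.network for i in ifaces):
        if any(lan.overlaps(a) for a in allowed) and not any(lan.subnet_of(e) for e in excluded):
            findings.append(f"virtual_private does not exclude local LAN {lan}")
    for name, conn in conf.items():
        left, right = conn.get("left", ""), conn.get("right", "")
        if name == "setup":
            continue
        if left.startswith("%") and right.startswith("%"):
            findings.append(f"{name}: left={left} and right={right} are both wildcards")
        elif re.fullmatch(r"[\d.]+", left) and ipaddress.ip_address(left) not in [i.ip for i in ifaces]:
            findings.append(f"{name}: left={left} is not an address on this box")
    return findings
```

Calling lint(SAMPLE_CONF, ["192.168.0.4/24"]) reports both problems; setting left=192.168.0.4 and appending %v4:!192.168.0.0/24 to virtual_private clears them.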

