[Openswan Users]
Greg
gregory.domagala at aliceadsl.fr
Wed Aug 9 12:23:34 EDT 2006
Thank you still Paul,
My Router: Public IP: 81.127.61.93
Local IP : 192.168.0.5
My VPN Gateway Local IP : 192.168.0.4
I've tried this
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:81.127.61.93/32
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug="none"

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-l2tp
    left=192.168.0.4
    leftcert=cert.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add
    type=transport

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

But it's the same log :(
I will become insane :)
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Wednesday, 9 August 2006 16:46
> To: Greg
> Cc: users at openswan.org
> Subject: RE: [Openswan Users]
>
> On Wed, 9 Aug 2006, Greg wrote:
>
> > I've changed the parameter with my public IP then my private IP, I've
> > got the same log
>
> It needs to be the IP that is *on* the box, not the IP of the NAT gateway
> in front of it. Also, if your openswan box is NAT'ed, you need to exclude
> its local LAN range from virtual_private, and clients behind NAT on the
> same range cannot connect.
>
> > I think that will use the hammer on me
>
> hammers were mostly for ipsec passthrough devices :)
>
> It saves a lot of time (and money) to give a VPN server its own public IP
> address. It's really worth an extra DSL line.
>
> Paul
>
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:26 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:28 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:32 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:40 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug 9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug 9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug 9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> > Aug 9 07:46:56 darko pluto[8695]: packet from 80.10.28.185:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > Aug 9 07:47:11 darko pluto[8695]: packet from 80.10.28.185:500: ignoring Delete SA payload: not encrypted
> > Aug 9 07:47:11 darko pluto[8695]: packet from 80.10.28.185:500: received and ignored informational message
> >
> > Thanks,
> >
> > GD
> >
> > > -----Original Message-----
> > > From: Paul Wouters [mailto:paul at xelerance.com]
> > > Sent: Tuesday, 8 August 2006 23:59
> > > To: Greg
> > > Cc: users at openswan.org
> > > Subject: RE: [Openswan Users]
> > >
> > > On Tue, 8 Aug 2006, Greg wrote:
> > >
> > > > conn roadwarrior-l2tp
> > > > left=%defaultroute
> > > > leftcert=/etc/ipsec.d/certs/cert.pem
> > > > leftprotoport=17/1701
> > > > right=%any
> > >
> > > You cannot use both %defaultroute and %any, because then openswan
> > > cannot determine if it is left or right.
> > > Since this is the server end, I assume that you know the IP for left=
> > >
> > > > Aug 8 23:17:01 darko pluto[4751]: packet from 90.95.19.131:500: initial Main Mode message received on 192.168.0.4:500 but no connection has been authorized
> > >
> > > That's because of the reasons above.
> > >
> > > Paul
> > > --
> > > Building and integrating Virtual Private Networks with Openswan:
> > > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
>
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
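
Paul's three checks from this thread (left= must be an address on the box itself, left=%defaultroute cannot be combined with right=%any, and a NAT'ed server's LAN range must be excluded from virtual_private) written as a small ipsec.conf linter. This is an added example, not code from the thread or from Openswan; the function names, the sample config and the 192.168.0.0/24 LAN range are assumptions.

```python
import ipaddress

def parse_ipsec_conf(text):
    """Return {section: {key: value}}; an unindented line starts a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint(text, local_ips, lan):
    """local_ips: addresses on the Openswan box; lan: its LAN range (assumed)."""
    sections, lan = parse_ipsec_conf(text), ipaddress.ip_network(lan)
    findings = []
    for name, opts in sections.items():
        if not name.startswith("conn ") or name == "conn %default":
            continue
        left, right = opts.get("left"), opts.get("right")
        if left == "%defaultroute" and right == "%any":
            findings.append((name, "left=%defaultroute with right=%any"))
        elif left and not left.startswith("%") and left not in local_ips:
            findings.append((name, f"left={left} is not an address on this box"))
    allowed, excluded = [], []
    vp = sections.get("config setup", {}).get("virtual_private", "")
    for item in filter(None, (i.strip() for i in vp.split(","))):
        net = item.removeprefix("%v4:")          # only %v4: entries are handled
        (excluded if net.startswith("!") else allowed).append(
            ipaddress.ip_network(net.lstrip("!")))
    if any(n.overlaps(lan) for n in allowed) and not any(lan.subnet_of(e) for e in excluded):
        findings.append(("config setup", f"virtual_private covers LAN {lan}"))
    return findings

# Constructed sample, modelled on the configs quoted in the thread.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn roadwarrior-l2tp
    left=%defaultroute
    right=%any
"""

if __name__ == "__main__":
    for where, problem in lint(SAMPLE, {"192.168.0.4"}, "192.168.0.0/24"):
        print(f"{where}: {problem}")
```

Setting left=192.168.0.4 and appending `%v4:!192.168.0.0/24` to virtual_private clears both findings for the sample.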