[Fwd: RE: [Openswan Users]]

Greg gregory.domagala at aliceadsl.fr
Wed Aug 9 13:10:29 EDT 2006


Thanks Andy

	Problem with my MTA too :(

> Did your mail client do this, or does this line really not have any
> whitespace at the start? Lines within a section must be indented.
Yes, it's the mail client

> Do your logs say the conn was loaded OK?
No problem, the conn was loaded

> Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
No problem

conn roadwarrior-l2tp
        left=192.168.0.4
        leftcert=cert.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

> Can you show us the output from 'ipsec auto --status'?
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.4
000 interface eth0/eth0 192.168.0.4
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "roadwarrior-l2tp": 192.168.0.4[C=FR, ST=FRANCE, L=MERICOURT, O=WEF, OU=INFO, CN=TEST, E=root at test.com]:17/1701...%virtual:17/1701===?; unrouted; eroute owner: #0
000 "roadwarrior-l2tp":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "roadwarrior-l2tp":   CAs: 'C=FR, ST=FRANCE, L=MERICOURT, O=WEF, OU=INFO, CN=TEST, E=root at test.fr'...'%any'
000 "roadwarrior-l2tp":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior-l2tp":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL; prio: 32,32; interface: eth0;
000 "roadwarrior-l2tp":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000

	

> -----Original Message-----
> From: Andy Gay [mailto:andy at andynet.net]
> Sent: Wednesday, 9 August 2006 17:47
> To: users at openswan.org
> Cc: Greg
> Subject: [Fwd: RE: [Openswan Users]]
> 
> Can someone please forward this to Greg. He seems to be ignoring
> messages from me.
> 
> -------- Forwarded Message --------
> From: Andy Gay <andy at andynet.net>
> To: Greg <gregory.domagala at aliceadsl.fr>
> Cc: users at openswan.org
> Subject: RE: [Openswan Users]
> Date: Tue, 08 Aug 2006 19:44:24 -0400
> 
> On Tue, 2006-08-08 at 23:40 +0200, Greg wrote:
> 
> > config setup
> >       interfaces=%defaultroute
> >       nat_traversal=yes
> >
> >
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:81
> .1
> > 27.61.93/32
> 
> Did your mail client do this, or does this line really not have any
> whitespace at the start? Lines within a section must be indented.
> 
> > Aug  8 23:17:01 darko pluto[4751]: packet from 90.95.19.131:500: initial
> > Main Mode message received on 192.168.0.4:500 but no connection has been
> > authorized
> 
> This sounds like the conn didn't load correctly, maybe due to the
> whitespace issue above.
> 
> Do your logs say the conn was loaded OK?
> Does 'ipsec auto --replace roadwarrior-l2tp' work OK?
> 
> Can you show us the output from 'ipsec auto --status'?
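The indentation rule Andy cites ("Lines within a section must be indented") can be checked mechanically before reloading a conn. The following is an added example, not code from the thread or from Openswan; it assumes a simplified ipsec.conf grammar (section headers `config`/`conn`/`ca` and the `version`/`include` directives in column 1, everything else indented, blank lines not closing a section), and the sample input is constructed from the config quoted in the thread.

```python
import re

SECTION_RE = re.compile(r"^(config|conn|ca)\s+\S+\s*$")
DIRECTIVE_RE = re.compile(r"^(version|include)\s+\S+")
PARAM_RE = re.compile(r"^([A-Za-z_][\w-]*)\s*=")

# Constructed sample: the config quoted in the thread, with virtual_private
# starting in column 1 as it appeared in the mail (value shortened).
SAMPLE = """\
config setup
        interfaces=%defaultroute
        nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24

conn roadwarrior-l2tp
        left=192.168.0.4
        right=%any
        auto=add
"""

def lint_ipsec_conf(text):
    """Return (lineno, section, message) for lines that break section indentation."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comments
        if line[0] in " \t":              # indented: belongs to the open section
            if section is None:
                findings.append((lineno, None, "indented line outside any section"))
            continue
        if SECTION_RE.match(line):        # "conn name", "config setup", "ca name"
            section = line
        elif DIRECTIVE_RE.match(line):    # top-level directive closes the section
            section = None
        else:
            m = PARAM_RE.match(line)
            what = f"parameter '{m.group(1)}'" if m else "unrecognised line"
            findings.append((lineno, section, f"{what} starts in column 1"))
    return findings

if __name__ == "__main__":
    for lineno, section, msg in lint_ipsec_conf(SAMPLE):
        print(f"line {lineno} (after '{section}'): {msg}")
```

Run against the real file, a clean result rules out the indentation cause and points the "no connection has been authorized" investigation at the conn definition itself.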