[Openswan Users] no connection has been authorized

Martin Bene martin.bene at icomedias.com
Mon Jan 16 16:56:00 CET 2006


Running openswan-2.3.0 with klips(patched into kernel) on linux

An ipsec connection that used to work stopped doing so over the weekend
- remote side denies any changes, I don't believe it.

Previously, remote IP was, now I see packets coming in
from while no data at all arrives from
I've changed right to and added that address to

Still, the only thing that shows up in the logs is:

packet from initial Main Mode message 
	received on but no connection 
	has been authorized is the interface I'm expecting the connection on, is the configured remote address.

Ipsec auto --status output for the connection:

000 "hsp-rknoe01":; 
	unrouted; eroute owner: #0
000 "hsp-rknoe01":     srcip=unset; dstip=unset
000 "hsp-rknoe01":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 
	540s; rekey_fuzz: 100%; keyingtries: 10
000 "hsp-rknoe01":   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 32,24; 
	interface: eth0;
000 "hsp-rknoe01":   newest ISAKMP SA: #0; newest IPsec SA: #0;

Currently, I presume that the problem could be caused by the strange
source port; I tried adding "nat_traversal=yes" to my configuration,
didn't help though.

Is the remote side just broken or is there something I could change (or
have overlooked?) in my configuration to make this work again?

Thanks, Martin

More information about the Users mailing list