[Openswan Users] no connection has been authorized

Martin Bene martin.bene at icomedias.com
Mon Jan 16 16:56:00 CET 2006


Hi,

Running openswan-2.3.0 with klips (patched into kernel) on Linux
2.6.11.7.

An ipsec connection that used to work stopped doing so over the weekend
- remote side denies any changes, I don't believe it.

Previously, remote IP was 193.154.158.254, now I see packets coming in
from 193.154.158.2 while no data at all arrives from 193.154.158.254.
I've changed right to 193.154.158.2 and added that address to
ipsec.secrets.

Still, the only thing that shows up in the logs is:

packet from 193.154.158.2:15519: initial Main Mode message 
	received on 62.99.243.178:500 but no connection 
	has been authorized

62.99.243.178 is the interface I'm expecting the connection on,
193.154.158.2 is the configured remote address.

Ipsec auto --status output for the connection:

000 "hsp-rknoe01": 192.168.11.11/32===62.99.243.178---62.99.243.177...
	193.154.158.1---193.154.158.2===172.23.50.0/24; 
	unrouted; eroute owner: #0
000 "hsp-rknoe01":     srcip=unset; dstip=unset
000 "hsp-rknoe01":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 
	540s; rekey_fuzz: 100%; keyingtries: 10
000 "hsp-rknoe01":   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 32,24; 
	interface: eth0;
000 "hsp-rknoe01":   newest ISAKMP SA: #0; newest IPsec SA: #0;

Currently, I presume that the problem could be caused by the strange
source port; I tried adding "nat_traversal=yes" to my configuration,
didn't help though.

Is the remote side just broken or is there something I could change (or
have overlooked?) in my configuration to make this work again?

Thanks, Martin
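
Added example, not part of the original message or of Openswan: a small triage helper that checks whether the rejected packet's address pair matches a loaded connection and whether its source port is the standard IKE port 500. It assumes the log and status layouts exactly as quoted above (mail line wraps joined); the function and finding names are hypothetical.

```python
import re

# Constructed sample input: the log and status lines quoted in the post,
# with the mail wrapping joined back into single lines.
LOG = ('packet from 193.154.158.2:15519: initial Main Mode message '
       'received on 62.99.243.178:500 but no connection has been authorized')
STATUS = ['000 "hsp-rknoe01": 192.168.11.11/32===62.99.243.178---62.99.243.177...'
          '193.154.158.1---193.154.158.2===172.23.50.0/24; unrouted; eroute owner: #0',
          '000 "hsp-rknoe01":     srcip=unset; dstip=unset']

IP = r'(?:\d{1,3}\.){3}\d{1,3}'
LOG_RE = re.compile(
    r'packet from (?P<peer>' + IP + r'):(?P<sport>\d+): initial Main Mode message '
    r'received on (?P<local>' + IP + r'):(?P<lport>\d+) but no connection has been authorized')
# Layout assumed: [client===]host[---nexthop]...[nexthop---]host[===client];
# only literal IPv4 hosts as in the post are handled (no %any, no IDs).
STATUS_RE = re.compile(
    r'^\d{3} "(?P<name>[^"]+)": (?:[^=\s]+===)?(?P<left>' + IP + r')(?:---' + IP + r')?'
    r'\.\.\.(?:' + IP + r'---)?(?P<right>' + IP + r')(?:===[^;\s]+)?;')

def triage(log_line, status_lines):
    """Return the parsed packet endpoints plus findings, or None if the
    line is not a 'no connection has been authorized' message."""
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    conns = [c for c in map(STATUS_RE.match, status_lines) if c]
    pair = {m['local'], m['peer']}
    # A conn is a candidate when its two host addresses are this packet's pair.
    matching = [c['name'] for c in conns if {c['left'], c['right']} == pair]
    findings = []
    if not matching:
        findings.append('no-conn-for-address-pair')
    if int(m['sport']) != 500:
        # IKE normally leaves from UDP 500; another source port usually means
        # something on the path rewrote it (for example port-translating NAT).
        findings.append('source-port-not-500')
    return {'peer': m['peer'], 'sport': int(m['sport']),
            'local': m['local'], 'conns': matching, 'findings': findings}

if __name__ == '__main__':
    print(triage(LOG, STATUS))
```

On the quoted data the address pair matches "hsp-rknoe01" and the only finding is the non-500 source port; this narrows where to look but does not by itself establish the cause.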

