[Openswan Users] no connection has been authorized

Paul Wouters paul at xelerance.com
Mon Jan 16 19:18:01 CET 2006


On Mon, 16 Jan 2006, Martin Bene wrote:

> An ipsec connection that used to work stopped doing so over the weekend
> - remote side denies any changes, I don't believe it.
>
> Previously, remote IP was 193.154.158.254, now I see packets coming in
> from 193.154.158.2 while no data at all arrives from 193.154.158.254.
> I've changed right to 193.154.158.2 and added that address to
> ipsec.secrets.

I would confront them with this information and ask what they have changed.

> packet from 193.154.158.2:15519: initial Main Mode message
> 	received on 62.99.243.178:500 but no connection
> 	has been authorized

the high port might mean the gateway has moved behind NAT and a port forward.

> Currently, I presume that the problem could be caused by the strange
> source port; I tried adding "nat_traversal=yes" to my configuration,
> didn't help though.

They would need to do the same on their end.

> Is the remote side just broken or is there something I could change (or
> have overlooked?) in my configuration to make this work again?

What do you see if you tear down the entire connection and start from
scratch?

Paul


More information about the Users mailing list