[Openswan Users] Guidance requested for PSK connection ; getting error 789
John Joseph
jjk_saji at yahoo.com
Wed Nov 8 08:32:34 EST 2006
Hi,
I am trying to establish a VPN connection between
two PCs. One has a fixed IP address and the other has
a dynamic IP address.
I am using PSK keys to authenticate. I am facing
some problems in getting the connection established;
I feel I have got the "right" / "left" parameters wrong.
I get the error:
Error 789: "The L2TP connection attempt failed
because the security layer encountered a processing
error during initial negotiations with the remote
computer"
I request guidance in solving this problem.
I am adding my "/etc/ipsec.conf" and part of the
"/var/log/secure" file.
Thanks
Joseph John
********************
/etc/ipsec.conf
** 20X.XXX.XX.X ==> Fixed IP address on which Openswan is running
** 86.98.xx.xx ==> The dynamic IP address
********************
# Manual: ipsec.conf.5
version 2.0

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn %default
    keyingtries=3
    compress=yes
    disablearrivalcheck=no
    authby=secret
    type=tunnel
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn l2tp-psk
    pfs=no
    left=20X.XXX.XX.X    ## This is fixed IP address
    #leftnexthop=
    leftprotoport=17/1701
    right=%any
    #right=123.XXX.XXX.1XX    ## Road Warriors
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
********************
The log file "/var/log/secure"
** 20X.XXX.XX.X ==> Fixed IP address on which Openswan is running
** 86.98.xx.xx ==> The dynamic IP address
********************
Nov 8 16:08:16 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 16:08:32 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 16:08:32 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 16:08:32 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 16:08:32 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 16:08:32 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 16:08:49 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Delete SA payload: not
encrypted
Nov 8 16:08:49 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received and ignored informational
message
Nov 8 13:10:15 ispc1 sshd[15912]: Accepted password
for root from ::ffff:86.98.37.232 port 60590 ssh2
Nov 8 17:10:15 ispc1 sshd[15911]: Accepted password
for root from ::ffff:86.98.37.232 port 60590 ssh2
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:14:58 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:14:58 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:14:58 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:14:58 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:14:58 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:15:05 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:15:05 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:15:05 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:15:05 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:15:05 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:15:13 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:15:13 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:15:13 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:15:13 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:15:13 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:16:49 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:16:49 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:16:51 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:16:51 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:16:51 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:16:51 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:16:51 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:16:55 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:16:55 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:16:55 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:16:55 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:16:55 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:17:03 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:17:03 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:17:03 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:17:03 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:17:03 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:17:19 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:17:19 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[FRAGMENTATION]
Nov 8 17:17:19 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:17:19 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Nov 8 17:17:19 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
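
A way to triage a log like the one above, as an added example that is not part of the original post: it rejoins the mail-wrapped syslog records, then reports per peer how many initial Main Mode packets pluto turned away with "no connection has been authorized" and whether the peer offered NAT-T. The function names and the sample (built from lines of the same shape, with a documentation address in the sshd record) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the log above, hard-wrapped the same way.
SAMPLE = """\
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 8 17:14:48 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
Nov 8 17:14:50 ispc1 sshd[15911]: Accepted password
for root from ::ffff:192.0.2.10 port 60590 ssh2
Nov 8 17:14:53 ispc1 pluto[14846]: packet from
86.98.xx.xx:500: initial Main Mode message received on
20X.XXX.XX.X:500 but no connection has been authorized
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
PLUTO = re.compile(r"pluto\[\d+\]: packet from (\S+?):(\d+): (.*)$")
VENDOR = re.compile(r"(ignoring|received) Vendor ID payload \[([^\]]+)\]")

def unwrap(text):
    """Rejoin hard-wrapped records; a new record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Per peer: rejected Main Mode attempts and the vendor IDs it sent."""
    peers = defaultdict(lambda: {"rejected": 0, "vendor_ids": set(), "nat_t": False})
    # Records from other daemons (sshd here) do not match PLUTO and are skipped.
    for m in filter(None, map(PLUTO.search, unwrap(text))):
        peer, _port, msg = m.groups()
        v = VENDOR.search(msg)
        if v:
            peers[peer]["vendor_ids"].add(v.group(2))
            peers[peer]["nat_t"] |= "nat-t" in v.group(2).lower()
        elif "no connection has been authorized" in msg:
            peers[peer]["rejected"] += 1
    return dict(peers)
```

A peer whose every attempt lands in the rejected count, as in the log above, never got as far as PSK authentication, so the loaded connection definitions are the place to look before the secret itself.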