[Openswan Users] Ipsec Road Warrrior Problem

Andy Van den Heede andy.vandenheede at secuteam.com
Thu Oct 12 11:19:33 EDT 2006 

Hello,

 

I have a problem with the following setup (openswan - multiple
roadwarrior connections):

 

Oct 12 17:10:08 axsweb pluto[1411]: "roadwarrior1": deleting connection

Oct 12 17:10:08 axsweb pluto[1411]: added connection description
"roadwarrior1"

Oct 12 17:10:15 axsweb pluto[1411]: packet from 81.244.100.236:500:
received Vendor ID payload [Dead Peer Detection]

Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236
#740: responding to Main Mode from unknown peer 81.244.100.236

Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236
#740: Can't authenticate: no preshared key found for
`@roadwarrior1.openswan.local' and `%any'.  Attribute
OAKLEY_AUTHENTICATION_METHOD

Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236
#740: no acceptable Oakley Transform

Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236
#740: sending notification NO_PROPOSAL_CHOSEN to 81.244.100.236:500

Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236:
deleting connection "roadwarrior1" instance with peer 81.244.100.236
{isakmp=#0/ipsec=#0}

 

My ipsec.secrets file looks like this:

 

@roadwarrior1.openswan.local %any : PSK "PreSharedKey"

 

I tried already adding the following lines below:

 

@roadwarrior1.openswan.local 0.0.0.0 : PSK "PreSharedKey"

 

My ipsec.conf file looks like this:

 

conn roadwarrior1

        left="62.166.214.114"

        leftsubnet="192.168.123.0/255.255.255.0"

        leftnexthop="62.166.214.113"

        leftid="@roadwarrior1.openswan.local"

        right="%any"

        rightsubnet="10.2.0.0/255.255.255.0"

        auto="start"

        authby="secret"

        type="tunnel"

        keyexchange="ike"

        auth="esp"

        pfs="no"

        ike="3des-md5-modp1024"

        esp="3des-md5-96"

        keylife="43200"

        rekey="yes"

 

How can I solve this? Is it possible to create a lot of such tunnels (I
don't like to work witj certificates)?

 

 

Thanks,

 

Andy Van den Heede

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061012/e6cd8bb8/attachment-0001.html

More information about the Users mailing list