[Openswan Users] Ipsec Road Warrrior Problem

Andy Van den Heede andy.vandenheede at secuteam.com
Fri Oct 13 14:15:44 EDT 2006


Hello all,

 

Since posting my problem yesterday, I received a lot of tips and I
got everything working. Thanks for this!

Leaving out the double quotes led me to this. Very strange, but this
works.

Also leave a space before : in the ipsec secrets file.

 

Thanks again,

 

Andy Van den Heede 

 

 

 

-----Original message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday 12 October 2006 19:20
To: Andy Van den Heede
CC: users at openswan.org
Subject: Re: [Openswan Users] Ipsec Road Warrrior Problem

On Thu, 12 Oct 2006, Andy Van den Heede wrote:

 

> I have a problem with the following setup (openswan - multiple
> roadwarrior connections):

> Oct 12 17:10:15 axsweb pluto[1411]: "roadwarrior1"[1] 81.244.100.236
> #740: Can't authenticate: no preshared key found for
> `@roadwarrior1.openswan.local' and `%any'.  Attribute
> OAKLEY_AUTHENTICATION_METHOD

 

Does "ipsec secrets" give an error?

 

> My ipsec.secrets file looks like this:
>
> @roadwarrior1.openswan.local %any : PSK "PreSharedKey"
>
> I tried already adding the following lines below:
>
> @roadwarrior1.openswan.local 0.0.0.0 : PSK "PreSharedKey"

 

Can you try:

 

@roadwarrior1.openswan.local : PSK "PreSharedKey"

 

or

 

: PSK "PreSharedKey"

 

or

 

0.0.0.0 : PSK "PreSharedKey"

 

or

 

%any : PSK "PreSharedKey"

 

There are some known issues with the ipsec.secrets parsing for
roadwarriors,

 

> conn roadwarrior1
>         left="62.166.214.114"
>         leftsubnet="192.168.123.0/255.255.255.0"
>         leftnexthop="62.166.214.113"
>         leftid="@roadwarrior1.openswan.local"
>         right="%any"
>         rightsubnet="10.2.0.0/255.255.255.0"
>         auto="start"
>         authby="secret"
>         type="tunnel"
>         keyexchange="ike"
>         auth="esp"
>         pfs="no"
>         ike="3des-md5-modp1024"
>         esp="3des-md5-96"
>         keylife="43200"
>         rekey="yes"

 

Looks okay. Except I never use double quotes anywhere.

 

Paul

-- 

Building and integrating Virtual Private Networks with Openswan:

http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

 
