[Openswan Users] Vpn Multiple Connections

Andy Van den Heede andy.vandenheede at secuteam.com
Mon Oct 16 12:54:24 EDT 2006


Hello,

I changed this settings (auto=add and rekey=no), but the same result is
there. When one connection tries to build up the tunnel, openswan tries
to start another connection.

What else can be wrong in ipsec.conf?
Do i have to repeat all the settings for every connection?

Andy

 

-----Oorspronkelijk bericht-----
Van: Paul Wouters [mailto:paul at xelerance.com] 
Verzonden: maandag 16 oktober 2006 18:19
Aan: Andy Van den Heede
CC: users at openswan.org
Onderwerp: Re: [Openswan Users] Vpn Multiple Connections

On Mon, 16 Oct 2006, Andy Van den Heede wrote:

> The problem I have posted previous week is not yet solved like I
> send.....

You config is still broken

> conn connection1
>         left=62.166.214.114
>         leftsubnet=192.168.123.0/255.255.255.0
>         leftnexthop=62.166.214.113
>         leftid=@connection1.openswan.local
>         right=%any
>         rightsubnet=10.4.0.0/255.255.255.0
>         rightid=@openswan1.dyndns.org
>         auto=start
>         authby=secret
>         type=tunnel
>         keyexchange=ike
>         auth=esp
>         pfs=no
>         ike=3des-md5-modp1024
>         esp=3des-md5-96
>         aggrmode=yes
>         keylife=43200
>         rekey=yes

You cannot use right=%any with auto=start
You cnanot use right=%any with rekey=yes

You need auto=add and rekey=no

> Oct 16 16:23:31 axsweb pluto[1883]: "connection1"[2] 81.245.236.196
#93:
> initial Aggressive Mode packet claiming to be from
@openswan1.dyndns.org
> on 81.245.236.196 but no connection has been authorized

Did the second conn load at all? try:

ipsec auto --add connname2

The error is about something that is not working in ipsec.conf, it has
nothing to do with ipsec.secrets. That problem might bite you later.

Paul
_______________________________________________________________________

Zin in een slipcursus?

Kijk snel op http://www.axsweb.be

_______________________________________________________________________
Zin in een slipcursus?
Kijk snel op http://www.axsweb.be


More information about the Users mailing list