[Openswan Users] safenet + openswan
Luca Andreoli
l.andreoli at kelyansmc.it
Wed Sep 13 11:15:39 EDT 2006
I am trying to make a VPN connection in T-NAT, but /var/log/secure says:
Sep 13 17:20:45 mantofw pluto[12859]: packet from 83.103.71.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 13 17:20:45 mantofw pluto[12859]: packet from 83.103.71.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: responding to Main Mode from unknown peer 83.103.71.142
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: transition from state (null) to state STATE_MAIN_R1
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: ignoring Vendor ID payload [47bbe7c993f1fc13...]
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: ignoring Vendor ID payload [da8e937880010000]
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: received Vendor ID payload [Dead Peer Detection]
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: received Vendor ID payload [XAUTH]
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 13 17:21:55 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3: max number of retransmissions (2) reached STATE_MAIN_R2
Sep 13 17:21:55 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142: deleting connection "vpn-laptop" instance with peer 83.103.71.142
and then it stops.
I don't know what the problem is.
The config file is:
cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in Openswan's doc/examples file, in the HTML documentation, and online
# at http://www.openswan.org/docs/
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Don't wait for pluto to complete every plutostart before continuing
    plutowait=no
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
    # Enable NAT-Traversal
    nat_traversal=yes
    # RFC1918 networks
    #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192.4.0.0/24
# Defaults for all connection descriptions
conn %default
    keyingtries=0
    disablearrivalcheck=no
    dpdaction=hold
    dpddelay=30
    dpdtimeout=120
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand
    authby=rsasig
    auto=add
# Example VPN connection for the following scenario:
#
# leftsubnet
#   172.16.0.0/24---([172.16.0.1]left[10.0.0.10])---([10.0.0.1]router)-------\
#                                                                            |
# rightsubnet                                                                |
#   192.168.0.0/24--([192.168.0.1]right[10.12.12.10])---([10.12.12.1]router)-/
#
#conn sample
# Left security gateway, subnet behind it, next hop toward right.
# left=10.0.0.10
# leftnexthop=10.0.0.1
# leftsubnet=172.16.0.0/24
# Right security gateway, subnet behind it, next hop toward left.
# right=10.12.12.10
# rightnexthop=10.12.12.1
# rightsubnet=192.168.0.0/24
# To initiate this connection automatically at startup,
# uncomment this:
#auto=start
conn vpn-laptop
    type=tunnel
    left=81.72.153.201
    leftsubnet=192.4.0.0/24
    leftnexthop=81.72.153.206
    right=%any
    rightsubnet=vhost:%no,%priv
    keyingtries=1
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=1200
    keylife=1200
    esp=3des-md5-96
    authby=secret
    pfs=yes
    auto=add
Please help me!
kernel-2.4.20-30.9.openswan_1.0.3_1
openswan-1.0.3-3
Bye,
Luca A.