[Openswan Users] Newbie have , problems with PSK

John Joseph jjk_saji at yahoo.com
Sun Sep 17 02:02:46 EDT 2006


--- Paul Wouters <paul at xelerance.com> wrote:

> On Thu, 14 Sep 2006, John Joseph wrote:
> 
> > conn l2tp-psk
> >         pfs=no
> >         left=192.168.242.100
> >         leftnexthop=192.168.242.1
> >         right=%any
> >         #right=192.168.242.135
> >         auto=add
> You are missing the protoport= lines. Please see the l2tp
> config examples in /etc/ipsec.d/examples/
> 
> Paul
> -- 

Hi Paul,
     Thanks, I added the "protoport" lines. Now my
"ipsec.conf" file is as follows:
***
[root@psa ~]# cat /etc/ipsec.conf
version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn l2tp-psk
        pfs=no
        left=192.168.242.100
        leftnexthop=192.168.242.1
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        #right=192.168.242.135
        auto=add

******************************************************
And my "/var/log/secure" file shows the following
messages.
  On my XP client, I get error no 678 on my client
VPN.
***************************************************
     

Sep 17 12:52:56 psa pluto[11500]: packet from 192.168.242.135:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 17 12:52:56 psa pluto[11500]: packet from 192.168.242.135:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 17 12:52:56 psa pluto[11500]: packet from 192.168.242.135:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 17 12:52:56 psa pluto[11500]: packet from 192.168.242.135:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: responding to Main Mode from unknown peer 192.168.242.135
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.242.135'
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: I did not send a certificate because I do not have one.
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #2: responding to Quick Mode {msgid:b96c5079}
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 17 12:52:56 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 17 12:52:57 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 17 12:52:57 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xb321ae0f <0x3e0eae77 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Sep 17 12:53:32 psa pluto[11500]: "l2tp-psk"[1] 192.168.242.135 #1: received Delete SA payload: deleting ISAKMP State #1
Sep 17 12:53:32 psa pluto[11500]: packet from 192.168.242.135:500: received and ignored informational message
Sep 17 12:53:32 psa pluto[11500]: packet from 192.168.242.135:500: Informational Exchange is for an unknown (expired?) S








		