[Openswan Users] ipsec verify problem
ram
talk2ram at gmail.com
Tue Sep 19 01:26:36 EDT 2006
Hi,
I am in the process of reading the docs and trying to set up my VPN connection inside
the office for testing,
then later move to production.
Here is the procedure I have followed:
1. installed FC4
2. installed Openswan 2.4
3. ppp installed
4. installed l2tpd 0.69-13
ipsec.conf
version 2.0

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
        #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn l2tp-psk
        pfs=no
        left=myiprange
        #leftnexthop=192.168.242.1
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        right=%any
        rightsubnet=vhost:%priv,%no
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
---------
l2tpd.conf
-----------------
[global]
listen-addr = Public ip of the VPN Server
[lns default]
ip range = Publicpool.18-publicpool.23
local ip = public ip other than VPN Server IP
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
--------------------------------
more options.l2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
ms-dns mypublic DNS IP
ms-dns mypublic DNS IP2
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
more chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
user * password *
I configured the XP VPN client using the link below:
http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html
I opened the VPN connection and entered the user name and password.
When I dial to the server
I get the following messages:
Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: ignoring Vendor
ID payload [FRAGMENTATION]
Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 19 16:45:12 vpn pluto[2495]: packet from mylaptopip:500: initial Main
Mode message received on myvpnip:500 but no connection has been authorized
Sep 19 16:45:13 vpn pluto[2495]: packet from mylaptopip:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 19 16:45:13 vpn pluto[2495]: packet from mylaptopip:500: ignoring Vendor
ID payload [FRAGMENTATION]
Sep 19 16:45:13 vpn pluto[2495]: packet from mylaptopip:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 19 16:45:13 vpn pluto[2495]: packet from mylaptopip:500: initial Main
Mode message received on myvpnip:500 but no connection has been authorized
Any help will be great.
Ram
On 9/18/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Mon, 18 Sep 2006, ram wrote:
>
> > Hi Paul,
> >
> > Thanks for the help.
> >
> > I have set up the server,
> > and when I try to dial in to the server IP
> >
> > on XP I get an error:
> >
> > Error 789:
> >
> > Sep 18 19:37:03 vpn pluto[8538]: Can not opportunistically initiate
> > for myserverip to myxpip: KEY record for hostname as %myid (no good TXT): no
> > host vpn. for KEY record
>
> As stated before, you must include /etc/ipsec.d/examples/no_oe.conf to
> disable running OE.
>
> Paul
>
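
Added example (not part of the original thread, and not Openswan code): a small Python check for two things visible in the ipsec.conf posted above, namely whether the no_oe.conf include from Paul's reply is present and whether a key is set twice inside one section, as right=%any is in conn l2tp-psk. The function name, finding codes and the trimmed sample are assumptions made for illustration.

```python
# Added example: lint for two issues visible in this thread's ipsec.conf.
NO_OE = "/etc/ipsec.d/examples/no_oe.conf"   # path taken from Paul's reply

# Constructed sample: part of the posted file, indented as ipsec.conf expects.
SAMPLE = """\
version 2.0
config setup
    interfaces=%defaultroute
    nat_traversal=yes
conn l2tp-psk
    pfs=no
    left=myiprange
    right=%any
    rightprotoport=17/1701
    right=%any
    auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
"""

def lint_ipsec_conf(text):
    """Return (code, line_number, detail) findings for an ipsec.conf string."""
    findings, includes = [], []
    section, seen = None, {}      # current section name; key -> first line seen
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue              # blank line or whole-line comment
        if not raw[0].isspace():  # column 0: section header or directive
            words = stripped.split()
            if words[0] in ("config", "conn") and len(words) == 2:
                section, seen = stripped, {}
            else:
                section = None
                if words[0] == "include" and len(words) == 2:
                    includes.append(words[1])
            continue
        key = stripped.split("=", 1)[0].strip()
        if section is None:
            findings.append(("outside-section", lineno, key))
        elif key in seen:
            findings.append(("duplicate-key", lineno,
                             f"{section}: {key} first set on line {seen[key]}"))
        else:
            seen[key] = lineno
    if NO_OE not in includes:
        findings.append(("missing-no-oe-include", 0, NO_OE))
    return findings

if __name__ == "__main__":
    for finding in lint_ipsec_conf(SAMPLE):
        print(finding)
```

The check only reports what it finds in the file; it does not decide which setting is responsible for a given pluto log message.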