[Openswan Users] Multiple Roadwarriors and strict mode
Henry Bürger
hbuerger at gmx.de
Mon Feb 19 13:20:30 EST 2007
Hello,
i have tried to confiugre multiple roadwarriors (right=any) on a VPN
router. One roadwarrior config used strict mode.
When i applied this config, i got only some tunnels working, others not.
In error case, i got log messages like this:
authpriv.warn: Feb 16 12:48:27 pluto[16623]: "VPN_RW_1"[2] 217.83.44.139
#20: policy does not allow OAKLEY_PRESHARED_KEY authentication.
Attribute OAKLEY_AUTHENTICATION_METHOD
authpriv.warn: Feb 16 12:48:27 pluto[16623]: "VPN_RW_1"[2] 217.83.44.139
#20: no acceptable Oakley Transform
authpriv.debug: Feb 16 12:48:27 pluto[16623]: | complete state
transition with (null)
authpriv.warn: Feb 16 12:48:27 pluto[16623]: "VPN_RW_1"[2] 217.83.44.139
#20: sending notification NO_PROPOSAL_CHOSEN to 217.83.44.139:500
I guess, what happened was described in ipsec_doi.c (line 2054).
But unfortunatelly in this case the first
"picked" right connection has strict mode set on.
I have strict mode patch, seen in bug report 558, applied.
Any hints ?
-Thanks in advance
Henry Bürger
More information about the Users
mailing list