[Openswan Users] Problem with authentication ?
Salvatore
sasa at shoponweb.it
Tue Mar 6 15:27:19 EST 2007
..sorry for my insistance but I haven't understood where is the problem in
my connection, if problem is on vpn client or vpn server ?
Thanks.
------
Salvatore.
----- Original Message -----
From: "Paul Wouters" <paul at xelerance.com>
To: "Salvatore" <sasa at shoponweb.it>
Cc: <users at openswan.org>
Sent: Monday, March 05, 2007 5:00 AM
Subject: Re: [Openswan Users] Problem with authentication ?
> On Sun, 4 Mar 2007, Salvatore wrote:
>
>> Hi, I use kernel 2.6.16.11 (with fedora core 4), openswan 2.4.5 with
>> nat-t
>> and klips patch, and xl2tp-1.1.06, occasionally with road connection I
>> have
>> a problem, in log file:
>
>> Mar 4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4:
>> responding to Main Mode from unknown peer 213.45.xxx.xxxMar 4 21:37:45
>> fw4
>> pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: policy does not allow
>> OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
>> Mar 4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4:
>> OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
>> Mar 4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4:
>> OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
>> Mar 4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: no
>> acceptable Oakley Transform
>> Mar 4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4:
>> sending
>> notification NO_PROPOSAL_CHOSEN to 213.45.xxx.xxx:500
>
>> config setup
>
>> authby=secret
>
>> conn left-road
>> auto=add
>> authby=secret
>> pfs=no
>> rekey=no
>> left=81.yyy.yyy.yyy
>> leftnexthop=81.yyy.yyy.zzz
>> leftprotoport=17/1701
>> right=%any
>> rightprotoport=17/1701
>> rightsubnet=vhost:%no,%priv
>> include /etc/ipsec.d/examples/no_oe.conf
>
> Looks like the client tried to do RSA (authby=rsasigkey) instead of PSK
> (authby=secret) and it tried to use single DES which openswan rejected.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list