[Openswan Users] Problem with authentication ?

Salvatore sasa at shoponweb.it
Tue Mar 6 15:56:15 EST 2007


"Paul Wouters" wrote:
> It is the combination. client and server do not agree on the proposal

..my doubts are:

- why is this problem present occasionally?
- this problem is present with more clients that, when they are connected to 
another vpn, are all ok
- if in ipsec.conf there is "authby=secret", why did the vpn server not accept the 
incoming connection?

Thanks.

------
Salvatore.


----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Salvatore" <sasa at shoponweb.it>
Cc: <users at openswan.org>
Sent: Tuesday, March 06, 2007 9:42 PM
Subject: Re: [Openswan Users] Problem with authentication ?


> On Tue, 6 Mar 2007, Salvatore wrote:
>
> It is the combination. client and server do not agree on the proposal
>
>> Date: Tue, 6 Mar 2007 21:27:19 +0100
>> From: Salvatore <sasa at shoponweb.it>
>> Cc: users at openswan.org
>> To: Paul Wouters <paul at xelerance.com>
>> Subject: Re: [Openswan Users] Problem with authentication ?
>>
>> ..sorry for my insistence but I haven't understood where the problem is in my
>> connection, if the problem is on the vpn client or the vpn server?
>> Thanks.
>>
>> ------
>> Salvatore.
>>
>> ----- Original Message -----
>> From: "Paul Wouters" <paul at xelerance.com>
>> To: "Salvatore" <sasa at shoponweb.it>
>> Cc: <users at openswan.org>
>> Sent: Monday, March 05, 2007 5:00 AM
>> Subject: Re: [Openswan Users] Problem with authentication ?
>>
>>
>> > On Sun, 4 Mar 2007, Salvatore wrote:
>> >
>> > > Hi, I use kernel 2.6.16.11 (with fedora core 4), openswan 2.4.5 with nat-t
>> > > and klips patch, and xl2tp-1.1.06, occasionally with road connection I have
>> > > a problem, in log file:
>> >
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: responding to Main Mode from unknown peer 213.45.xxx.xxx
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: policy does not allow OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: no acceptable Oakley Transform
>> > > Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: sending notification NO_PROPOSAL_CHOSEN to 213.45.xxx.xxx:500
>> >
>> > > config setup
>> >
>> > > authby=secret
>> >
>> > > conn left-road
>> > > auto=add
>> > > authby=secret
>> > > pfs=no
>> > > rekey=no
>> > > left=81.yyy.yyy.yyy
>> > > leftnexthop=81.yyy.yyy.zzz
>> > > leftprotoport=17/1701
>> > > right=%any
>> > > rightprotoport=17/1701
>> > > rightsubnet=vhost:%no,%priv
>> > > include /etc/ipsec.d/examples/no_oe.conf
>> >
>> > Looks like the client tried to do RSA (authby=rsasigkey) instead of PSK
>> > (authby=secret) and it tried to use single DES which openswan rejected.
>> >
>> > Paul
>> > --
>> > Building and integrating Virtual Private Networks with Openswan:
>> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>> >
>>
>
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
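
Added example, not part of the original thread and not Openswan code: a small Python summarizer for the pluto log lines quoted above. It groups them by connection, peer and state number, and reports which authentication methods and ciphers the peer offered that this end refused. The regular expressions are assumptions fitted to the message wording in this excerpt; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines rejoined from the excerpt quoted in this thread (addresses masked as posted).
SAMPLE_LOG = """\
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: responding to Main Mode from unknown peer 213.45.xxx.xxx
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: policy does not allow OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: no acceptable Oakley Transform
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: sending notification NO_PROPOSAL_CHOSEN to 213.45.xxx.xxx:500
"""

# Assumed pluto prefix layout: "conn"[instance] peer #state: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
                  r'#(?P<state>\d+): (?P<msg>.*)$')
AUTH = re.compile(r'policy does not allow (\S+) authentication')
ENC = re.compile(r'(\S+) is not supported\.\s+Attribute OAKLEY_ENCRYPTION_ALGORITHM')

def summarize(log_text):
    """Return {(conn, peer, state): {"auth": set, "enc": set, "failed": bool}}."""
    out = defaultdict(lambda: {"auth": set(), "enc": set(), "failed": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        entry = out[(m["conn"], m["peer"], int(m["state"]))]
        msg = m["msg"]
        if (a := AUTH.search(msg)):
            entry["auth"].add(a.group(1))   # auth method the conn policy refused
        elif (e := ENC.search(msg)):
            entry["enc"].add(e.group(1))    # cipher this build does not support
        elif "no acceptable Oakley Transform" in msg:
            entry["failed"] = True          # every offered transform was rejected
    return dict(out)

def report(summary):
    """One line per negotiation in which no transform was accepted."""
    return [f'{conn} {peer} #{state}: refused auth={sorted(e["auth"])} '
            f'enc={sorted(e["enc"])}'
            for (conn, peer, state), e in sorted(summary.items()) if e["failed"]]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

For the excerpt in this thread it reports one failed negotiation on "left-road" in which the peer offered OAKLEY_RSA_SIG and OAKLEY_DES_CBC, matching the diagnosis quoted above.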
