[Openswan Users] authentication error

Djiby Sy sydjiby at gmail.com
Mon May 21 15:11:51 EDT 2007


Hi all,

I have installed Linux Openswan U2.4.7/K2.6.9-5.ELsmp (netkey) on 2 machines
for a network-to-network connection.
My config file contains:

conn test
   type=tunnel
   keyexchange=ike
   keylife=2h
   ikelifetime=24h
   pfs=no
   ike=3des-md5-modp1024
   esp=3des-md5
   left=192.168.0.109
   #leftnexthop=192.168.92.1
   #leftsourceip=10.215.144.92
   leftsubnet=10.0.0.0/8
   right=192.168.0.2
   rightsubnet=192.168.0.0/24
   #rightid=
   #leftid=
   authby=secret
   auto=start

But when I start Openswan, I get this in /var/log/secure:

May 21 18:53:26 localhost ipsec__plutorun: Starting Pluto subsystem...
May 21 18:53:26 localhost pluto[18255]: Starting Pluto (Openswan Version
2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
May 21 18:53:26 localhost pluto[18255]: Setting NAT-Traversal port-4500
floating to on
May 21 18:53:26 localhost pluto[18255]:    port floating activation criteria
nat_t=1/port_fload=1
May 21 18:53:26 localhost pluto[18255]:   including NAT-Traversal patch
(Version 0.6c)
May 21 18:53:26 localhost pluto[18255]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
May 21 18:53:26 localhost pluto[18255]: no helpers will be started, all
cryptographic operations will be done inline
May 21 18:53:26 localhost pluto[18255]: Using NETKEY IPsec interface code on
2.6.9-5.ELsmp
May 21 18:53:27 localhost pluto[18255]: Changing to directory
'/etc/ipsec.d/cacerts'
May 21 18:53:27 localhost pluto[18255]: Changing to directory
'/etc/ipsec.d/aacerts'
May 21 18:53:27 localhost pluto[18255]: Changing to directory
'/etc/ipsec.d/ocspcerts'
May 21 18:53:27 localhost pluto[18255]: Changing to directory
'/etc/ipsec.d/crls'
May 21 18:53:27 localhost pluto[18255]:   Warning: empty directory
May 21 18:53:27 localhost pluto[18255]: added connection description "test"
May 21 18:53:27 localhost pluto[18255]: listening for IKE messages
May 21 18:53:27 localhost pluto[18255]: adding interface eth1/eth1
10.0.0.1:500
May 21 18:53:27 localhost pluto[18255]: adding interface eth1/eth1
10.0.0.1:4500
May 21 18:53:27 localhost pluto[18255]: adding interface eth0/eth0
192.168.0.109:500
May 21 18:53:27 localhost pluto[18255]: adding interface eth0/eth0
192.168.0.109:4500
May 21 18:53:27 localhost pluto[18255]: adding interface lo/lo 127.0.0.1:500
May 21 18:53:27 localhost pluto[18255]: adding interface lo/lo
127.0.0.1:4500
May 21 18:53:27 localhost pluto[18255]: adding interface lo/lo ::1:500
May 21 18:53:27 localhost pluto[18255]: loading secrets from
"/etc/ipsec.secrets"
May 21 18:53:27 localhost pluto[18255]: "test" #1: initiating Main Mode
May 21 18:53:27 localhost pluto[18255]: packet from 192.168.0.2:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 21 18:53:27 localhost pluto[18255]: packet from 192.168.0.2:500:
received and ignored informational message
May 21 18:53:30 localhost pluto[18255]: packet from 192.168.0.2:500:
received Vendor ID payload [Openswan (this version) 2.4.7
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
May 21 18:53:30 localhost pluto[18255]: packet from 192.168.0.2:500:
received Vendor ID payload [Dead Peer Detection]
May 21 18:53:30 localhost pluto[18255]: "test" #2: responding to Main Mode
May 21 18:53:30 localhost pluto[18255]: "test" #2: Can't authenticate: no
preshared key found for `192.168.0.109' and `192.168.0.2'.  Attribute
OAKLEY_AUTHENTICATION_METHOD
May 21 18:53:30 localhost pluto[18255]: "test" #2: no acceptable Oakley
Transform
May 21 18:53:30 localhost pluto[18255]: "test" #2: sending notification
NO_PROPOSAL_CHOSEN to 192.168.0.2:500
May 21 18:53:37 localhost pluto[18255]: packet from 192.168.0.2:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 21 18:53:37 localhost pluto[18255]: packet from 192.168.0.2:500:
received and ignored informational message
May 21 18:53:50 localhost pluto[18255]: packet from 192.168.0.2:500:
received Vendor ID payload [Openswan (this version) 2.4.7
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
May 21 18:53:50 localhost pluto[18255]: packet from 192.168.0.2:500:
received Vendor ID payload [Dead Peer Detection]


Please help me!

Best regards
--
Djiby
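
The log above reports "no preshared key found" for the pair 192.168.0.109 / 192.168.0.2. The following is an added example, not part of the original post or of Openswan: it pulls that pair out of the wrapped log lines and checks which PSK entries of an ipsec.secrets file would cover it. The secrets contents are constructed placeholders, the function names are hypothetical, and the selection rule is a simplified reading of ipsec.secrets(5) that assumes single-line entries with IPv4 or name indices.

```python
import re

PSK_FAIL = re.compile(r"no preshared key found for `([^']+)' and `([^']+)'")
PSK_LINE = re.compile(r"^([^:#]*):\s*PSK\s")
WILDCARDS = {"%any", "0.0.0.0"}

# The wrapped pluto message as it appears in the log above.
SAMPLE_LOG = """\
May 21 18:53:30 localhost pluto[18255]: "test" #2: Can't authenticate: no
preshared key found for `192.168.0.109' and `192.168.0.2'.  Attribute
OAKLEY_AUTHENTICATION_METHOD
"""

# Constructed ipsec.secrets contents (placeholder secrets, not from the post).
SECRETS_MISSING = '''\
# 192.168.0.109 192.168.0.2 : PSK "placeholder-a"
192.168.0.109 192.168.0.3 : PSK "placeholder-b"
192.168.0.2 : PSK "placeholder-c"
'''
SECRETS_PRESENT = '192.168.0.109 192.168.0.2 : PSK "placeholder-d"\n'

def failed_pairs(log_text):
    """(local_id, peer_id) pairs pluto reported no PSK for; tolerates wrapped lines."""
    return sorted(set(PSK_FAIL.findall(" ".join(log_text.split()))))

def psk_indices(secrets_text):
    """(line_no, [indices]) per single-line PSK entry; the secret is never kept."""
    for n, line in enumerate(secrets_text.splitlines(), 1):
        m = PSK_LINE.match(line)
        if m:
            yield n, m.group(1).split()

def covers(indices, local_id, peer_id):
    """Simplified rule (assumption): no index = any pair, one index = local ID only,
    several = both IDs must each match an index (or a wildcard index)."""
    def hit(ident):
        return ident in indices or bool(WILDCARDS & set(indices))
    if not indices:
        return True
    if len(indices) == 1:
        return hit(local_id)
    return hit(local_id) and hit(peer_id)

def audit(log_text, secrets_text):
    """Map each failed pair to the secrets-file line numbers that would cover it."""
    entries = list(psk_indices(secrets_text))
    return {p: [n for n, idx in entries if covers(idx, *p)] for p in failed_pairs(log_text)}

if __name__ == "__main__":
    for name, text in (("missing", SECRETS_MISSING), ("present", SECRETS_PRESENT)):
        print(name, audit(SAMPLE_LOG, text))
```

An empty list for a pair means no entry in the checked file covers it; the check reports line numbers only, so it can be run without exposing the secrets themselves.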