[Openswan Users] No connection errors.

Peter McGill petermcgill at goco.net
Mon May 28 08:41:34 EDT 2007


> -----Original Message-----
> Date: Sun, 27 May 2007 09:51:32 -0400
> From: erol at diabolic.ca (erol)
> Subject: [Openswan Users] No connection errors.
> To: users at openswan.org
> 
> Using OpenSwan and l2tpd I've run into the following error in my
> logs when trying to connect:
> 
> May 24 09:00:09 ds24 pluto[7967]: packet from 
> 59.90.72.248:500: initial Main Mode message received on 
> 201.218.196.20:500 but no
> connection has been authorized
> 
> 
> I have Googled the error and tried the various suggestions I've
> found. Admittedly my knowledge is a little thin when it comes to
> OpenSWAN and such. However I'd appreciate if someone could take a
> look at my ipsec barf output and tell me if things look kosher.
> 
> This was setup using a Howto I had previously used (and
> successfully at that, which is why I am further baffled).
> 
> 
> Anyhow, any assistance would be most appreciated. You can find
> the barf output here:

#< /etc/ipsec.d/l2tp-psk.conf 1
conn L2TP-PSK
        #
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        #
        # ----------------------------------------------------------
        # The VPN server.
        #
        # Allow incoming connections on the external network interface.
        # If you want to use a different interface or if there is no
        # defaultroute, you can use:   left=your.ip.addr.ess
        #
        left=%defaultroute
        #left=201.218.196.20
	#leftnexthop=%direct
	interfaces=%defaultroute
        #
        leftprotoport=17/1701
        # If you insist on supporting non-updated Windows clients,
        # you can use:    leftprotoport=17/%any
        #
        # ----------------------------------------------------------
        # The remote user(s).
        #
        # Allow incoming connections only from this IP address.
        right=%any
        # If you want to allow multiple connections from any IP address,
        # you can use:    right=%any
        #
        rightprotoport=17/%any
	rightsubnet=vhost:%priv
        #
        # ----------------------------------------------------------
        # Change 'ignore' to 'add' to enable this configuration.
        #
        auto=ignore

Here is a problem: auto=ignore. You need auto=add, or the connection will not
be used; it will be ignored, and you will get the message you're getting.

Peter