[Openswan Users] IP cache on ADSL Connections

Paul Wouters paul at xelerance.com
Thu Nov 8 19:14:34 EST 2007


On Thu, 8 Nov 2007, Frederico Madeira wrote:

> I added this parameter on both ipsec.conf, after this the tunnel didn't come up.

the side with rekey=no needs to use auto=add, as it cannot start.

Paul

> I got this in logs
>
> Nov  8 17:04:33 vpn pluto[12245]: packet from 189.70.198.203:500:
> initial Main Mode message received on 201.36.53.68:500 but no
> connection has been authorized
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [Dead Peer Detection]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [RFC 3947] meth=109, but port floating is
> off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> initial Main Mode message received on 201.36.53.68:500 but no
> connection has been authorized
>
> Below my ipsec.conf:
>
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
>         nat_traversal=yes
>
> include /etc/ipsec.d/*.conf
>
> conn client_to_server
>     left=201.xx.xx.xx                # Local vitals
>     leftsubnet=192.168.10.0/24       #
>     leftid=@vpn.server         #
>     leftrsasigkey=0sAQPMugwfC6uU.........
>     leftnexthop=201.xx.xx.Xx      # correct in many situations
>     right=host01.no-ip.org            # Remote vitals
>     rightsubnet=192.168.20.0/24        #
>     rightid=@client.server        #
>     rightrsasigkey=0sAQOmxV.......
>     rightnexthop=%defaultroute     # correct in many situations
>     auto=start                       # authorizes but doesn't start this
>                                    # connection at startup
>
> Thanks.
>
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
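
Added example, not part of the original message and not Openswan code: a small Python check for the combination the reply above rules out, a conn that has rekey=no while also being set to auto=start. The parser is a simplification (it applies conn %default to every conn and ignores also= and include lines), and the sample config is constructed from the conn quoted above.

```python
import re

# Constructed sample: the quoted conn, with rekey=no supplied via conn %default.
SAMPLE_CONF = """\
config setup
        nat_traversal=yes

conn %default
    rekey=no

conn client_to_server
    left=201.xx.xx.xx                # Local vitals
    right=host01.no-ip.org           # Remote vitals
    auto=start

conn responder_only
    left=201.xx.xx.xx
    right=%any
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} for every conn section in the text."""
    conns, current = {}, None
    for raw in text.splitlines():
        # Whitespace followed by '#' (or '#' at line start) begins a comment.
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()
        if not line:
            continue
        if not line[0].isspace():  # section headers start at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def rekey_no_initiators(text):
    """Names of conns that combine rekey=no with auto=start."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})  # simplification: applied to all conns
    flagged = []
    for name, params in conns.items():
        merged = {**defaults, **params}
        # rekey defaults to yes when the parameter is absent.
        if merged.get("rekey", "yes") == "no" and merged.get("auto") == "start":
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(rekey_no_initiators(SAMPLE_CONF))
```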

