[Openswan Users] Fwd: [Fwd: [Fwd: Re: IP cache on ADSL Connections]]

Frederico Madeira fmadeira at gmail.com
Fri Nov 9 13:46:47 EST 2007


Hi Paul,

I did as you said, but it didn't work.
The client can't connect to the server. If I remove rekey=no, it connects to
the server.

Any ideas?

Thanks.

-- 
Frederico Madeira
fmadeira at gmail.com
www.madeira.eng.br

-------- Forwarded message --------
From: Paul Wouters <paul at xelerance.com>
To: Frederico Madeira <fmadeira at gmail.com>
Cc: users at openswan.org
Subject: Re: [Openswan Users] IP cache on ADSL Connections
Date: Thu, 8 Nov 2007 19:14:34 -0500 (EST)

On Thu, 8 Nov 2007, Frederico Madeira wrote:

> I added this parameter to both ipsec.conf files; after this the tunnel didn't come up.

the side with rekey=no needs to use auto=add, as it cannot start.

Paul

> I got this in logs
>
> Nov  8 17:04:33 vpn pluto[12245]: packet from 189.70.198.203:500:
> initial Main Mode message received on 201.36.53.68:500 but no
> connection has been authorized
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [Dead Peer Detection]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [RFC 3947] meth=109, but port floating is
> off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
> but port floating is off
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Nov  8 17:05:13 vpn pluto[12245]: packet from 189.70.198.203:500:
> initial Main Mode message received on 201.36.53.68:500 but no
> connection has been authorized
>
> Below is my ipsec.conf:
>
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
>         nat_traversal=yes
>
> include /etc/ipsec.d/*.conf
>
> conn client_to_server
>     left=201.xx.xx.xx                # Local vitals
>     leftsubnet=192.168.10.0/24       #
>     leftid=@vpn.server         #
>     leftrsasigkey=0sAQPMugwfC6uU.........
>     leftnexthop=201.xx.xx.Xx      # correct in many situations
>     right=host01.no-ip.org            # Remote vitals
>     rightsubnet=192.168.20.0/24        #
>     rightid=@client.server        #
>     rightrsasigkey=0sAQOmxV.......
>     rightnexthop=%defaultroute     # correct in many situations
>     auto=start                       # authorizes but doesn't start this
>                                    # connection at startup
>
> Thanks.
>
>

   *Frederico Madeira*
fred at fonar.com.br
*Wivox / Fonar *
Tel: 55 81.3313.0005
Cell 55.81.9959.2534 (NEW)
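
A check for the rule stated in Paul's reply (the side with rekey=no should use auto=add rather than auto=start), given here as an added example that is not part of the original thread or Openswan's own code. The sample config is constructed, and only `conn %default` inheritance is resolved (`also=` and `include` are not followed), which is a simplifying assumption.

```python
import re

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                    # headers start at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def rekey_start_conflicts(text):
    """Names of conns that set rekey=no but are also told to initiate."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})            # inherited by every conn
    bad = []
    for name, own in conns.items():
        settings = {**defaults, **own}
        if settings.get("rekey") == "no" and settings.get("auto") == "start":
            bad.append(name)
    return bad

# Constructed sample (documentation addresses, not the poster's values).
SAMPLE = """\
config setup
        nat_traversal=yes

conn %default
    rekey=no

conn client_to_server
    left=192.0.2.10
    right=peer.example.org
    auto=start          # initiates: flagged

conn responder_only
    left=192.0.2.10
    right=%any
    auto=add            # only answers: not flagged
"""

if __name__ == "__main__":
    for name in rekey_start_conflicts(SAMPLE):
        print(f"conn {name}: rekey=no with auto=start, use auto=add here")
```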