[Openswan Users] Openswan Router DI-804hv
Paul Wouters
paul at xelerance.com
Tue Oct 9 01:24:14 EDT 2007
On Mon, 8 Oct 2007, Valois Ivan Tomasi - Master Redes wrote:
> My server = 192.168.0.1
> My DI-804 = 192.168.0.250 (I'm testing in my network first)
>
> The communication between them is OK
>
> my log:
> packet from 192.168.0.250:500: received Vendor ID payload [RFC 3947] method
> set to=110
> "matriz" #1: responding to Main Mode
> "matriz" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> "matriz" #1: STATE_MAIN_R1: sent MR1, expecting MI2
> ERROR: asynchronous network error report on eth0 (sport=500) for message to
> 192.168.0.250 port 500, complainant 192.168.0.250: Connection refused [errno
> 111, origin ICMP type 3 code 3 (not authenticated)]
Looks like a missing port forward on the initiating end's NAT router?
The first response packet hits an IP that has no IPsec daemon running.
Paul
>
> ipsec.conf:
>
> conn matriz
> left=192.168.0.1
> leftid=192.168.0.1
> leftsubnet=192.168.0.0/24
> leftnexthop=%defaultroute
> right=192.168.0.250
> rightsubnet=192.168.0.0/24
> rightid=192.168.0.250
> rightnexthop=%defaultroute
> keyexchange=ike
> ikelifetime=240m
> keylife=3600s
> pfs=yes
> compress=no
> #authby=secret
>
> authby=secret|rsasig
> keyingtries=0
> auto=add
>
> ipsec.secret
> : PSK "master" #(master is my preshared key)
>
> my dlink router
>
>
>
> Can someone help me?
>
>
> Thanks, and sorry for my poor English!
>
> Valois
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
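
Added example, not part of the original thread and not Openswan code: a Python parser for the pluto error line quoted above that reports whether the ICMP message came from the addressed peer itself, meaning nothing is listening on its IKE port. The regex and the names `unwrap`, `diagnose` and `SAMPLE` are assumptions built from the single log line in this message.

```python
import re

# Regex modelled on the single pluto error line quoted in this message (assumption).
REPORT = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) "
    r"for message to (?P<dst>\S+) port (?P<dport>\d+), "
    r"complainant (?P<complainant>[^:\s]+): (?P<text>.+?) "
    r"\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)"
)

# ICMP type 3 (destination unreachable) codes, RFC 792 / RFC 1812.
UNREACHABLE = {0: "network unreachable", 1: "host unreachable",
               2: "protocol unreachable", 3: "port unreachable",
               13: "administratively prohibited"}

def unwrap(quoted):
    """Strip '> ' quote prefixes and rejoin lines wrapped by the mail client."""
    parts = (line.lstrip("> ").strip() for line in quoted.splitlines())
    return " ".join(p for p in parts if p)

def diagnose(line):
    """Return a dict describing the ICMP error, or None for other log lines."""
    m = REPORT.search(line)
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    if icmp_type == 3:
        meaning = UNREACHABLE.get(code, "destination unreachable, code %d" % code)
    else:
        meaning = "ICMP type %d code %d" % (icmp_type, code)
    return {
        "dst": m["dst"], "dport": int(m["dport"]),
        "complainant": m["complainant"], "errno": int(m["errno"]),
        "meaning": meaning,
        # Port unreachable sent by the addressed host itself: the packet arrived,
        # but nothing is listening on that UDP port (no IKE daemon at that IP).
        "no_listener_at_peer": (icmp_type, code) == (3, 3)
                               and m["complainant"] == m["dst"],
    }

# The error line from the log above, as wrapped and quoted in the e-mail.
SAMPLE = """\
> ERROR: asynchronous network error report on eth0 (sport=500) for message to
> 192.168.0.250 port 500, complainant 192.168.0.250: Connection refused [errno
> 111, origin ICMP type 3 code 3 (not authenticated)]"""

if __name__ == "__main__":
    print(diagnose(unwrap(SAMPLE)))
```

When the complainant differs from the destination, the ICMP error came from a device on the path rather than from the peer, so the same check returns False.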