[Openswan Users] Problem with "left=%any" option

PVG Ravi Kumar pvgravi at dlink.co.in
Wed Dec 3 01:57:38 EST 2008 

Hello All,

 

I am using openswan 2.4.13 with fedora core 4 system.

 

I applied all the required patches and the normal tunnel establishment is
working fine.

 

As per the ipsec.conf man page, "left=%any" option signifies an address to
be filled during negotiations.

But when I try this option with my config file, the tunnel establishment
process is not succeeding

 

Here is my config file:

 

# basic configuration

config setup

    interfaces=%defaultroute

    nat_traversal=yes

 

conn RemoteGateway

            type=tunnel

            authby=secret

            left=%any

            leftid=10.1.1.253

            leftsubnet=192.168.100.1/24

            right=192.168.10.173

            rightid=10.1.1.254

            rightsubnet=192.168.200.1/24

            ike=aes-128-sha1-modp1024

            auth=esp

            esp=aes-128-sha1

            pfs=no

            auto=route

 

 

Log messages:

Dec  3 12:03:42 localhost pluto[4666]: packet from 192.168.10.173:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
already using method 109

Dec  3 12:03:42 localhost pluto[4666]: packet from 192.168.10.173:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Dec  3 12:03:42 localhost pluto[4666]: | nat-t detected, sending nat-t VID

Dec  3 12:03:42 localhost pluto[4666]: | find_host_connection called from
main_inI1_outR1

Dec  3 12:03:42 localhost pluto[4666]: | find_host_pair_conn
(find_host_connection2): 192.168.10.193:500 192.168.10.173:500 -> hp:none 

Dec  3 12:03:42 localhost pluto[4666]: | find_host_connection called from
main_inI1_outR1

Dec  3 12:03:42 localhost pluto[4666]: | find_host_pair_conn
(find_host_connection2): 192.168.10.193:500 %any:500 -> hp:none 

Dec  3 12:03:42 localhost pluto[4666]: packet from 192.168.10.173:500:
initial Main Mode message received on 192.168.10.193:500 but no connection
has been authorized

Dec  3 12:03:42 localhost pluto[4666]: | complete state transition with
STF_IGNORE

Dec  3 12:03:42 localhost pluto[4666]: | next event EVENT_PENDING_PHASE2 in
73 seconds

 

Please Note: 192.168.10.193 is my system interface IP Address

 

 

When I try the same configurations with "left=%defaultroute" option, tunnel
establishment is fine.

 

I am trying with "left=%any" option, because I have 3 interfaces in my
system and I want to use any interface which is active during the
negotiation time

 

Please suggest me, whether anything to be added / enabled in order to make
this work

 

Thanks in advance

Ravi


 

DISCLAIMER: This message is proprietary to D-Link (India) Limited and is
intended solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error, please notify the originator
immediately. If you are not the intended recipient, you are notified that
you are strictly prohibited from using, copying, altering, or disclosing the
contents of this message. D-Link (India) Limited accepts no responsibility
for loss or damage arising from the use of the information transmitted by
this email including damage from virus.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081203/d74bdec5/attachment.html

More information about the Users mailing list