[Openswan Users] Openswan to Openswan - inconsistent behavior

Andy Theuninck gohanman at gmail.com
Mon Dec 22 22:40:59 EST 2008


I'm trying to set up a tunnel from openswan to openswan (one side is
NAT-ed). I'm really puzzled by what I've seen so far. Here's what
happened.

Initially, I realized iptables was blocking UDP 500 & 4500 on the
server. I adjusted that, restarted iptables on the server (left), and
tried bringing up the connection on the client (right). This is what I
got:
# /usr/sbin/ipsec auto --up WFC
104 "WFC" #1: STATE_MAIN_I1: initiate
003 "WFC" #1: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "WFC" #1: received Vendor ID payload [Dead Peer Detection]
003 "WFC" #1: received Vendor ID payload [RFC 3947] method set to=109
003 "WFC" #1: Can't authenticate: no preshared key found for
`192.168.0.3' and `1.2.3.4'.  Attribute OAKLEY_AUTHENTICATION_METHOD
003 "WFC" #1: no acceptable Oakley Transform
214 "WFC" #1: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN

Server log showed the attempted connection as well. I edited
/etc/ipsec.secrets on the client, replacing "%any" with "192.168.0.3".
I then tried bringing up the connection again on the client and got
this:
# /usr/sbin/ipsec auto --up WFC
104 "WFC" #1: STATE_MAIN_I1: initiate
010 "WFC" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "WFC" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

The server now shows no sign of the connection attempt, despite
/etc/ipsec.secrets being the only file that changed. I changed
/etc/ipsec.secrets back and tried bringing up the connection on the
client one last time:
# /usr/sbin/ipsec auto --up WFC

That's now been just hanging for about ten minutes with no output at
all. Server logs again show no connection attempt. Can anyone clue me
in to what's going on here? I seem to be getting different - and
progressively worse - behavior without altering any settings [so far
as I can tell].
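The first failure above is a key lookup: pluto reports "no preshared key found for `192.168.0.3' and `1.2.3.4'", meaning no line in /etc/ipsec.secrets covered that pair of identities. The following is an added example (not Openswan code and not from the poster) that models that lookup in simplified form, so a practitioner can check a secrets file against the pair named in the error before touching the tunnel. It assumes the common syntax `<id> <id> : PSK "secret"` with whitespace around the colon, treats `%any` as a wildcard, requires every listed index to match one of the two identities, and returns the first matching line; the sample file contents and secret strings are constructed placeholders.

```python
"""Simplified model of Openswan's PSK selection from /etc/ipsec.secrets.

Added illustration, not Openswan's own code. A line of the form

    <id> <id> ... : PSK "secret"

is taken to match a connection when every index before the colon names
either the local or the remote identity (or is the %any wildcard) and,
between them, the indices cover both identities. Real pluto also prefers
the most specific match; this model simply returns the first one.
"""
import shlex
from typing import List, Optional, Tuple

# Constructed sample secrets file (secrets are placeholders, not real keys).
SAMPLE_SECRETS = '''
# comment lines and trailing comments are allowed
1.2.3.4 %any : PSK "PLACEHOLDER-PSK-ONE"
1.2.3.4 192.168.0.3 : PSK "PLACEHOLDER-PSK-TWO"
'''

# Constructed file that names some other host instead of the NAT-ed client.
NO_MATCH_SECRETS = '''
1.2.3.4 5.6.7.8 : PSK "PLACEHOLDER-PSK-THREE"
'''

Entry = Tuple[List[str], str]


def parse_secrets(text: str) -> List[Entry]:
    """Return (indices, secret) for each PSK line; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        # shlex handles quoting of the secret and strips # comments.
        tokens = shlex.split(raw, comments=True)
        if ":" not in tokens:
            continue
        colon = tokens.index(":")
        indices, rhs = tokens[:colon], tokens[colon + 1:]
        if len(rhs) != 2 or rhs[0].upper() != "PSK":
            continue  # only PSK lines are modelled here
        entries.append((indices, rhs[1]))
    return entries


def _matches(indices: List[str], local_id: str, remote_id: str) -> bool:
    """True if the index list covers both identities and names no other."""
    wanted = {local_id, remote_id}
    covered = set()
    for idx in indices:
        if idx == "%any":
            covered |= wanted          # wildcard covers both sides
        elif idx in wanted:
            covered.add(idx)
        else:
            return False               # index names some unrelated host
    return covered == wanted


def find_psk(entries: List[Entry], local_id: str, remote_id: str) -> Optional[str]:
    """Return the secret of the first matching line, or None.

    None corresponds to pluto's "no preshared key found for `<local>' and
    `<remote>'" failure seen in the post.
    """
    for indices, secret in entries:
        if _matches(indices, local_id, remote_id):
            return secret
    return None


if __name__ == "__main__":
    for name, text in (("SAMPLE", SAMPLE_SECRETS), ("NO_MATCH", NO_MATCH_SECRETS)):
        hit = find_psk(parse_secrets(text), "192.168.0.3", "1.2.3.4")
        print(f"{name}: {'matched' if hit else 'no preshared key found'}")
```

Running it against the pair from the error message shows the first constructed file matching on its `%any` line and the second file producing the same "no preshared key found" condition, which is the symptom to rule out before reading the later retransmission timeouts as a key problem.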

