[Openswan Users] cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24

John Joseph jjk_saji at yahoo.com
Mon May 12 23:01:59 EDT 2008


--- Jean-Michel Caricand
<jean-michel.caricand at lifc.univ-fcomte.fr> wrote:

> 
> > Hi
> >      I am trying to configure ipsec (without L2TPD) using psk
> > I have my testing GW (Linux) interface eth0 =
> > 192.168.21.153/24 (external interface )  and eth1 =
> > 172.168.77.128/24 (internal interface )
> >
> > I have my road-warrior machine (Linux)192.168.21.132
> >
> > I want my road warrior to get connected to the VPN GW
> > (internal network 1 using ipsec and then get connected
> > to the internal network (172.168.77.0/24)
> >
> >
> > ##########
> > version 2.0
> >
> > config setup
> >         interfaces=%defaultroute
> >         nat_traversal=yes
> >         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> >
> > conn %default
> >         keyingtries=1
> >         compress=yes
> >         disablearrivalcheck=no
> >         authby=secret
> >
> > conn road
> >         left=192.168.21.153                 # Gateway's information
> >         leftsubnet=172.16.77.0/24       #
> >         rightnexthop=%defaultroute     # correct in many situations
> >         right=%any                     # Wildcard: we don't know the laptop's IP
> >         auto=add
> >
> > ***********************************************************************
> >
> > My road warrior ipsec.conf is
> > ******
> > config setup
> >         interfaces=%defaultroute
> >         nat_traversal=yes
> >
> > conn %default
> >         keyingtries=1
> >         compress=yes
> >         authby=secret
> >
> > conn road
> >         #left=%defaultroute             # Picks up our dynamic IP
> >         left=192.168.21.132
> >         leftsourceip=172.16.77.130
> >         leftsubnet=172.16.77.0/24
> >         right=192.168.21.153               # Remote information
> >         auto=add
> >
> > *****************************************
> >                       Guidance requested
> >                                 Thanks
> >                                       Joseph John
> >
> 
> Hi,
> 
> In your connection definitions, you must add your
> PSK with the leftrsasignkey
> and rightrsasignkey options.
> 
> - Jean-Michel
> 

  Hi Jean
   Thanks for the mail
   From what I had read, I feel that when you use PSK, you only
need to specify it in /etc/ipsec.secrets. In ipsec.conf
you only need to give authby=secret.
The parameters leftrsasignkey and rightrsasignkey have
nothing to do with PSK authentication.

Also, why I say so is that
I had done a trial setup using l2tpd -psk. In that
scenario I did not use "leftrsasignkey and
rightrsasignkey" and it was working fine.
        Please correct me if I am wrong
	 thanks 
                Joseph John 
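
The PSK arrangement this message describes (authby=secret in ipsec.conf, the key itself in /etc/ipsec.secrets), as an added example that is not part of the original post: a small Python check that a conn uses authby=secret, carries no RSA key options, and has a PSK entry covering both ends. The sample files, the placeholder secret and the function names are constructed for illustration, and the selector matching is a simplification of pluto's own lookup.

```python
import re

# Constructed sample files (not from the thread); the PSK value is a placeholder.
GATEWAY_CONF = """\
conn %default
        authby=secret

conn road
        left=192.168.21.153
        leftsubnet=172.16.77.0/24
        right=%any
        auto=add
"""
GATEWAY_SECRETS = '192.168.21.153 %any : PSK "constructed-placeholder-secret"\n'

def parse_conns(text):
    """Return {conn_name: {key: value}} with conn %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                      # section header, e.g. "conn road"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:     # indented key=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def psk_selectors(secrets_text):
    """Return the selector list of every PSK entry in an ipsec.secrets file."""
    found = []
    for line in secrets_text.splitlines():
        m = re.match(r'^([^#:]*):\s*PSK\s+"[^"]*"', line)
        if m:
            found.append(m.group(1).split())
    return found

def check_psk(conf_text, secrets_text, conn_name):
    """Simplified check: authby value, RSA key options present, PSK entry for both ends."""
    conn = parse_conns(conf_text)[conn_name]
    ends = [conn.get("left"), conn.get("right")]
    # An entry covers an end if it lists it or %any; an entry with no selectors covers all.
    covered = any(all(e in sel or "%any" in sel for e in ends) or not sel
                  for sel in psk_selectors(secrets_text))
    # The RSA key options in ipsec.conf are leftrsasigkey / rightrsasigkey.
    return {"authby": conn.get("authby"),
            "rsa_options": sorted(k for k in conn if k.endswith("rsasigkey")),
            "psk_entry_found": covered}
```

Running check_psk against each end's own files shows whether that end has what PSK authentication needs before pluto is started.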
  



