[Openswan Users] cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24

Jean-Michel Caricand jean-michel.caricand at lifc.univ-fcomte.fr
Tue May 13 04:46:18 EDT 2008


>
> --- Jean-Michel Caricand <jean-michel.caricand at lifc.univ-fcomte.fr> wrote:
>
>> > Hi
>> >      I am trying to configure ipsec (without L2TPD) using psk
>> > I have my testing GW (Linux) interface eth0 = 192.168.21.153/24 (external interface) and eth1 = 172.168.77.128/24 (internal interface)
>> >
>> > I have my road-warrior machine (Linux) 192.168.21.132
>> >
>> > I want my road warrior to get connected to the VPN GW (internal network 1 using ipsec and then get connected to the internal network (172.168.77.0/24)
>> >
>> >
>> > ##########
>> > version 2.0
>> >
>> > config setup
>> >         interfaces=%defaultroute
>> >         nat_traversal=yes
>> >
>> >
>> >         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>> >
>> > conn %default
>> >         keyingtries=1
>> >         compress=yes
>> >         disablearrivalcheck=no
>> >         authby=secret
>> >
>> >
>> >
>> > conn road
>> >         left=192.168.21.153                 # Gateway's information
>> >         leftsubnet=172.16.77.0/24       #
>> >         rightnexthop=%defaultroute     # correct in many situations
>> >         right=%any                     # Wildcard: we don't know the laptop's IP
>> >         auto=add
>> >
>> >
>> >
>> > ***********************************************************************
>> >
>> > My road warrior ipsec.conf is
>> > ******
>> > config setup
>> >         interfaces=%defaultroute
>> >         nat_traversal=yes
>> >
>> > conn %default
>> >         keyingtries=1
>> >         compress=yes
>> >         authby=secret
>> >
>> >
>> >
>> > conn road
>> >         #left=%defaultroute             # Picks up our dynamic IP
>> >         left=192.168.21.132
>> >         leftsourceip=172.16.77.130
>> >         leftsubnet=172.16.77.0/24
>> >         right=192.168.21.153               # Remote information
>> >         auto=add
>> >
>> >
>> >
>> >
>> >
>> > *****************************************
>> >                       Guidance requested
>> >                                 Thanks
>> >                                       Joseph John
>> >
>> >
>> >
>> >
>> Hi,
>> In your connection definitions, you must add your PSK with leftrsasignkey and rightrsasignkey options.
>> - Jean-Michel
>
>   Hi Jean
>    Thanks for the mail
>    From what I had read I feel when u use PSK, u only need to specify in /etc/ipsec.secrets. In ipsec.conf u only need to give authby=secret.
> The parameters leftrsasignkey and rightrsasignkey have nothing to do with PSK authentication.
>
> Also why I say so is that
> I had done a trial setup using l2tpd -psk. In that scenario I did not use "leftrsasignkey and rightrsasignkey" and it was working fine
>         Please correct me If I am wrong
> 	 thanks
>                 Joseph John
>

Hi,

No, you're right and ... I'm wrong :-(

I haven't used them for a long time.

What's the content of /etc/ipsec.secrets ?


- Jean-Michel
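
A diagnostic sketch for the error in this thread's subject line, added here as an example and not part of any poster's message or of Openswan: it parses the `net===host...host===net` selectors from the error and compares them with the gateway's `conn road` quoted above. The function names are hypothetical, and it assumes that `left` is the local side and that a side with no subnet option covers only that host's own address.

```python
import re
from ipaddress import ip_address, ip_network

# Inputs copied from this thread: the subject-line error and the gateway's conn.
ERROR = ("cannot respond to IPsec SA request because no connection is known for "
         "172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24")
GATEWAY_CONN = """
conn road
    left=192.168.21.153
    leftsubnet=172.16.77.0/24
    rightnexthop=%defaultroute
    right=%any
    auto=add
"""

def parse_request(msg):
    """Split 'net===host...host===net' into the four selectors that were requested."""
    m = re.search(r"([^\s=]+)===([^\s=]+?)\.\.\.([^\s=]+)===([^\s=]+)", msg)
    if not m:
        raise ValueError("no net===host...host===net selector in message")
    g = m.groups()
    return ip_network(g[0]), ip_address(g[1]), ip_address(g[2]), ip_network(g[3])

def parse_conn(text):
    """Return the key=value options of one conn section, with # comments stripped."""
    pairs = (line.split("#", 1)[0].split("=", 1) for line in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def side_net(opts, side, host):
    """Assumption: a side with no subnet option covers only that host's own address."""
    subnet = opts.get(side + "subnet")
    return ip_network(subnet if subnet else f"{host}/32")

def explain(msg, conn_text):
    """List why the conn (left taken as the local side) does not match the request."""
    our_net, our_host, peer_host, peer_net = parse_request(msg)
    opts, reasons = parse_conn(conn_text), []
    local, peer = side_net(opts, "left", our_host), side_net(opts, "right", peer_host)
    if opts.get("left") != str(our_host):
        reasons.append(f"left={opts.get('left')} is not {our_host}")
    if opts.get("right") not in ("%any", str(peer_host)):
        reasons.append(f"right={opts.get('right')} does not cover {peer_host}")
    if local != our_net:
        reasons.append(f"local net {local} != requested {our_net}")
    if peer != peer_net:
        reasons.append(f"peer net {peer} != requested {peer_net}")
    return reasons

if __name__ == "__main__":
    print(explain(ERROR, GATEWAY_CONN))
```

For the values in this thread it reports a single difference: the gateway's conn covers 192.168.21.132/32 as the peer network, while the request asked for 172.16.77.0/24.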





