[Openswan Users] initial Main Mode message received on X:500 but no connection has been authorized

Peter McGill petermcgill at goco.net
Thu May 15 10:24:33 EDT 2008


John,

That is incorrect, as shown by doc/config.html in the openswan package, and
http://wiki.openswan.org/index.php/Openswan/Configure
Note that the following only works when no NAT is involved.
(Both computers have a direct internet connection with a public ip address.)
Note also that 192.0.2.10 represents an internet public ip address, although
it is not actually a valid one, since it's from the test net reserved space.

Server/Gateway ipsec.conf:
conn road
	left=192.0.2.10                # Gateway's information, public ip address
	leftid=@xy.example.com         #
	leftsubnet=10.0.0.0/24         # private network
	leftrsasigkey=0sAQOnwiBPt...   #
	right=%any                     # Wildcard: we don't know the laptop's IP
	rightid=@road.example.com      #
	rightrsasigkey=0sAQPIPN9uI...  #
	auto=add                       # authorizes but doesn't start this
	                               # connection at startup

Road Warrior ipsec.conf:
conn road
	left=%defaultroute             # Picks up our dynamic IP
	leftid=@road.example.com       # Local information
	leftrsasigkey=0sAQPIPN9uI...   #
	right=192.0.2.10               # Remote information
	rightsubnet=10.0.0.0/24        #
	rightid=@xy.example.com        #
	rightrsasigkey=0sAQOnwiBPt...  #
	auto=add                       # authorizes but doesn't start this
	                               # connection at startup

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of John Joseph
> Sent: May 15, 2008 3:26 AM
> To: Paul Wouters; users at openswan.org
> Subject: Re: [Openswan Users] initial Main Mode message 
> received on X:500 but no connection has been authorized
> 
> 
> --- Paul Wouters <paul at xelerance.com> wrote:
> 
> > On Wed, 14 May 2008, Thomas Novin wrote:
> > 
> > The "left" and "right" syntax might need getting
> > used to, but you can
> > read it as "local" and "remote" if you want.
> > 
> > Paul
> > -- 
> 
> Thanks Paul for this tip 
>   I am always confused about left and right 
> 
> Please check this example 
> If I assume left=local , right=remote 
> 
> in my example  GW-VPN 
> I have to give ipsec.conf (gw ipsec.conf)
>       left=GW external IP
>       right=%any
> 
> in my road warrior 
>       left=%any ( local IP address )
>       right= VPN server IP address 
> 
>  Is this the correct way?
>             Thanks 
>                 Joseph John 

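Added example (not part of the original message and not Openswan code): a short Python check that the gateway and road warrior conn sections shown above mirror each other, i.e. that each left* id, key and subnet on one host equals the right* value on the other. It assumes each host lists itself as left, as both configs in the message do; parse_conn and mirror_problems are hypothetical helper names, and the parsing covers only the syntax shown in the message.

```python
# Added example: compare the two ends of a road-warrior "conn" for mirror errors.
# Assumption: each host describes itself as "left", as both configs above do.
# Key values are the truncated ones from the message, kept as-is.
GATEWAY_CONF = """\
conn road
	left=192.0.2.10                # Gateway's information, public ip address
	leftid=@xy.example.com
	leftsubnet=10.0.0.0/24
	leftrsasigkey=0sAQOnwiBPt...
	right=%any                     # Wildcard: we don't know the laptop's IP
	rightid=@road.example.com
	rightrsasigkey=0sAQPIPN9uI...
"""
ROADWARRIOR_CONF = """\
conn road
	left=%defaultroute             # Picks up our dynamic IP
	leftid=@road.example.com
	leftrsasigkey=0sAQPIPN9uI...
	right=192.0.2.10
	rightsubnet=10.0.0.0/24
	rightid=@xy.example.com
	rightrsasigkey=0sAQOnwiBPt...
"""

def parse_conn(text, name):
    """Return the options of 'conn <name>' (simplified ipsec.conf parsing)."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comment
        if not line:
            continue
        if not line[0].isspace():                 # section header in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def mirror_problems(gw, rw):
    """List options where the gateway and road warrior disagree."""
    problems = []
    for suffix in ("id", "rsasigkey", "subnet"):
        for mine, theirs in (("left", "right"), ("right", "left")):
            a, b = gw.get(mine + suffix), rw.get(theirs + suffix)
            if a != b:
                problems.append(f"gateway {mine}{suffix}={a} vs roadwarrior {theirs}{suffix}={b}")
    if rw.get("right") != gw.get("left"):
        problems.append("roadwarrior right= does not match gateway left=")
    return problems
```

Calling mirror_problems(parse_conn(GATEWAY_CONF, "road"), parse_conn(ROADWARRIOR_CONF, "road")) returns an empty list for the configs in the message; any entry in the list names the pair of options that disagree.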