[Openswan Users] Help

Carlos carlos at lfilms.net
Tue Oct 28 14:24:49 EDT 2008


Unable to establish a connection. Firewall is set up to allow ports 500...
Thank you

Configuration

Server 1

conn    net-to-net
        authby=secret
        left=Server1
        leftsubnet=192.168.1.0/24
        leftid=@Server1FQDN
        leftnexthop=%defaultroute
        right=Server2
        rightsubnet=192.168.1.0/24
        rightid=@Server2FQDN
        rightnexthop=%defaultroute
        auth=esp
        esp=3des-sha1
        xauth=yes
        auto=add
        pfs=yes

ipsec.secret file

 @Server1 @Server2 : PSK "Sharedkey"


Server 2

# Add connections here
conn    net-to-net
        authby=secret
        left=Server2
        leftsubnet=192.168.1.0/24
        leftid=@Server2FQDN
        leftnexthop=%defaultroute
        right=Server1
        rightid=@Server1FQDN
        rightnexthop=%defaultroute
        auth=esp
        esp=3des-sha1
        xauth=yes
        auto=add
        pfs=yes

ipsec.secret file

@Server2 @Server1 : PSK "Sharedkey"


/var/log/auth.log

Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: no acceptable Oakley Transform
Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: sending notification NO_PROPOSAL_CHOSEN to Server2:500
Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: received and ignored informational message
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [Openswan (this version) 2.4.6  X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [Dead Peer Detection]
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: responding to Main Mode
Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: Can't authenticate: no preshared key found for `@Server1FQDN' and `@Server2FQDN'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Oct 28 11:01:46 SERVER1 last message repeated 3 times
Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: no acceptable Oakley Transform
Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: sending notification NO_PROPOSAL_CHOSEN to Server2:500
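
The "no preshared key found for `@Server1FQDN' and `@Server2FQDN'" log entry reports a PSK lookup by ID. The Python check below is an added example, not part of the original post or of Openswan: it applies the index matching rules documented for ipsec.secrets to constructed copies of the posted leftid/rightid values and secrets entry. The function names, one-entry-per-line parsing and treating left as the local side are assumptions.

```python
import re

# Constructed sample input mirroring the Server 1 files in the post.
IPSEC_CONF = """\
conn    net-to-net
        authby=secret
        leftid=@Server1FQDN
        rightid=@Server2FQDN
"""
IPSEC_SECRETS = '@Server1 @Server2 : PSK "Sharedkey"\n'

def conn_ids(conf_text):
    """Return {conn: (leftid, rightid)} for conns with authby=secret."""
    conns, name = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        head = re.match(r"conn\s+(\S+)", line)
        if head:
            name = head.group(1)
            conns[name] = {}
        elif name and "=" in line and line[:1].isspace():
            key, value = line.strip().split("=", 1)
            conns[name][key.strip()] = value.strip()
    # Simplification (assumption): with no explicit id, use the left/right value.
    return {n: (o.get("leftid", o.get("left")), o.get("rightid", o.get("right")))
            for n, o in conns.items() if o.get("authby") == "secret"}

def psk_index_sets(secrets_text):
    """Return the ID list of every PSK entry; the key itself is discarded."""
    found = (re.match(r"\s*([^:#]*):\s*PSK\s", l) for l in secrets_text.splitlines())
    return [set(m.group(1).split()) for m in found if m]

def has_psk(local_id, peer_id, index_sets):
    """Apply the ipsec.secrets index matching rules to one ID pair."""
    for ids in index_sets:
        hit = lambda i: i in ids or "%any" in ids
        # No index: matches anyone. One index: local ID only. Several: both IDs.
        if not ids or (hit(local_id) and (len(ids) == 1 or hit(peer_id))):
            return True
    return False

def missing_psk(conf_text, secrets_text):
    """List (conn, local_id, peer_id) with no usable PSK; left is assumed local."""
    sets = psk_index_sets(secrets_text)
    return [(n, l, r) for n, (l, r) in conn_ids(conf_text).items()
            if not has_psk(l, r, sets)]

if __name__ == "__main__":
    for conn, local_id, peer_id in missing_psk(IPSEC_CONF, IPSEC_SECRETS):
        print(f"{conn}: no PSK entry for {local_id} and {peer_id}")
```

Run against the real /etc/ipsec.conf and /etc/ipsec.secrets contents on each gateway, an empty result means every authby=secret connection has an entry indexed by the IDs it will present.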
