[Openswan Users] Help

Brad Johnson bjohnson at astrocorp.com
Wed Oct 29 08:47:40 EDT 2008


The leftid and rightid in your .conf file (@Server1FQDN, @Server2FQDN) 
do not match those in the secrets file
(@Server1, @Server2). They must match exactly, and the remote side must 
be configured with "leftid=@Server2FQDN".

...Brad

Carlos wrote:
>
> Unable to establish a connection. Firewall is set up to allow ports 
> 500… Thank you.
>
> Configuration
>
> server 1
>
> conn net-to-net
>     authby=secret
>     left=Server1
>     leftsubnet=192.168.1.0/24
>     leftid=@Server1FQDN
>     leftnexthop=%defaultroute
>     right=Server2
>     rightsubnet=192.168.1.0/24
>     rightid=@Server2FQDN
>     rightnexthop=%defaultroute
>     auth=esp
>     esp=3des-sha1
>     xauth=yes
>     auto=add
>     pfs=yes
>
> ipsec.secret file
>
> @Server1 @Server2 : PSK "Sharedkey"
>
> Server 2
>
> # Add connections here
> conn net-to-net
>     authby=secret
>     left=Server2
>     leftsubnet=192.168.1.0/24
>     leftid=@Server2FQDN
>     leftnexthop=%defaultroute
>     right=Server1
>     rightid=@Server1FQDN
>     rightnexthop=%defaultroute
>     auth=esp
>     esp=3des-sha1
>     xauth=yes
>     auto=add
>     pfs=yes
>
> ipsec.secret file
>
> @Server2 @Server1 : PSK "Sharedkey"
>
> /var/log/auth.log
>
> Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: no acceptable Oakley Transform
> Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: sending notification NO_PROPOSAL_CHOSEN to Server2:500
> Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: received and ignored informational message
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [Openswan (this version) 2.4.6 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [Dead Peer Detection]
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [RFC 3947] method set to=110
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: responding to Main Mode
> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: Can't authenticate: no preshared key found for `@Server1FQDN' and `@Server2FQDN'. Attribute OAKLEY_AUTHENTICATION_METHOD
> Oct 28 11:01:46 SERVER1 last message repeated 3 times
> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: no acceptable Oakley Transform
> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: sending notification NO_PROPOSAL_CHOSEN to Server2:500
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
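A small pre-flight check for the mismatch Brad points out, added here as an example and not part of the thread or of Openswan itself: it parses a minimal ipsec.conf and ipsec.secrets (constructed to mirror Carlos's files) and reports every authby=secret conn whose leftid/rightid pair has no matching PSK line. The matching rule it assumes is Openswan's documented index rule: a PSK line with no IDs, or with %any, applies to any peer; otherwise both IDs must appear on the line.

```python
# Constructed sample: conn IDs carry the FQDN suffix, the secrets line does not.
IPSEC_CONF = """\
conn net-to-net
    authby=secret
    left=Server1
    leftid=@Server1FQDN
    right=Server2
    rightid=@Server2FQDN
    auto=add
"""
IPSEC_SECRETS = '@Server1 @Server2 : PSK "Sharedkey"\n'


def parse_conns(text):
    """Return {conn_name: {key: value}} from a minimal ipsec.conf."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.startswith("conn "):
            cur = line.split(None, 1)[1]
            conns[cur] = {}
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            conns[cur][key.strip()] = val.strip()
    return conns


def parse_psk_ids(text):
    """Return one set of index IDs per PSK line; an empty set means a wildcard line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ": PSK" in line:
            entries.append(set(line.split(":", 1)[0].split()))
    return entries


def missing_psk(conns, psk_entries):
    """Names of authby=secret conns whose ID pair no PSK line covers."""
    bad = []
    for name, c in conns.items():
        if c.get("authby") != "secret":
            continue
        # Without leftid/rightid Openswan falls back to the address in left/right.
        pair = {c.get("leftid", c.get("left")), c.get("rightid", c.get("right"))}
        covered = any(not ids or pair <= ids or ("%any" in ids and pair & ids)
                      for ids in psk_entries)
        if not covered:
            bad.append(name)
    return bad
```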