[Openswan Users] Help

Peter McGill petermcgill at goco.net
Wed Oct 29 10:20:45 EDT 2008


Carlos,

Or take out the @'s in the secrets file, and use the Server IP addresses.

Peter

Brad Johnson wrote:
> The leftid and rightid in your .conf file (@Server1FQDN, @Server2FQDN) 
> do not match those in the secrets file
> (@Server1, @Server2). They must match exactly, and the remote side must 
> be configured with "leftid=@Server2FQDN".
> 
> ...Brad
> 
> Carlos wrote:
>> Unable to establish a connection. Firewall is set up to allow ports 
>> 500….. Thank you
>>
>> Configuration
>>
>> server 1
>>
>> conn net-to-net
>>     authby=secret
>>     left=Server1
>>     leftsubnet=192.168.1.0/24
>>     leftid=@Server1FQDN
>>     leftnexthop=%defaultroute
>>     right=Server2
>>     rightsubnet=192.168.1.0/24
>>     rightid=@Server2FQDN
>>     rightnexthop=%defaultroute
>>     auth=esp
>>     esp=3des-sha1
>>     xauth=yes
>>     auto=add
>>     pfs=yes
>>
>> ipsec.secret file
>>
>> @Server1 @Server2 : PSK "Sharedkey"
>>
>> Server 2
>>
>> # Add connections here
>>
>> conn net-to-net
>>     authby=secret
>>     left=Server2
>>     leftsubnet=192.168.1.0/24
>>     leftid=@Server2FQDN
>>     leftnexthop=%defaultroute
>>     right=Server1
>>     rightid=@Server1FQDN
>>     rightnexthop=%defaultroute
>>     auth=esp
>>     esp=3des-sha1
>>     xauth=yes
>>     auto=add
>>     pfs=yes
>>
>> ipsec.secret file
>>
>> @Server2 @Server1 : PSK "Sharedkey"
>>
>> /var/log/auth.log
>>
>> Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: no acceptable 
>> Oakley Transform
>>
>> Oct 28 11:01:06 SERVER1 pluto[19226]: "net-to-net" #29: sending 
>> notification NO_PROPOSAL_CHOSEN to Server2:500
>>
>> Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: 
>> ignoring informational payload, type NO_PROPOSAL_CHOSEN
>>
>> Oct 28 11:01:43 SERVER1 pluto[19226]: packet from Server2:500: 
>> received and ignored informational message
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [Openswan (this version) 2.4.6 X.509-1.5.4 
>> LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [Dead Peer Detection]
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [RFC 3947] method set to=110
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, 
>> but already using method 110
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, 
>> but already using method 110
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
>> but already using method 110
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: packet from Server2:500: 
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: responding to 
>> Main Mode
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: Can't 
>> authenticate: no preshared key found for `@Server1FQDN' and 
>> `@Server2FQDN'. Attribute OAKLEY_AUTHENTICATION_METHOD
>>
>> Oct 28 11:01:46 SERVER1 last message repeated 3 times
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: no acceptable 
>> Oakley Transform
>>
>> Oct 28 11:01:46 SERVER1 pluto[19226]: "net-to-net" #30: sending 
>> notification NO_PROPOSAL_CHOSEN to Server2:500
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan: 
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>   
> 
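The ID matching Brad describes can be checked before restarting pluto. The following is an added example, not part of the original thread and not Openswan code: the function names are hypothetical, the sample text is constructed from the values Carlos posted, and the lookup is a simplified model (exact string comparison, no `%any` or IPv6 indices).

```python
import re

# Constructed samples reproducing the values posted in the thread.
CONF = """\
conn net-to-net
    authby=secret
    left=Server1
    leftid=@Server1FQDN
    right=Server2
    rightid=@Server2FQDN
"""
SECRETS_POSTED = '@Server1 @Server2 : PSK "Sharedkey"\n'
SECRETS_FIXED = '@Server1FQDN @Server2FQDN : PSK "Sharedkey"\n'


def conn_ids(conf_text, conn_name):
    """Return (leftid, rightid) for one conn section of an ipsec.conf."""
    opts, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            current = line.split()[1]
        elif current == conn_name and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts.get("leftid"), opts.get("rightid")


def psk_index_sets(secrets_text):
    """Yield the index list of every PSK entry, never the secret itself."""
    for raw in secrets_text.splitlines():
        m = re.match(r'^([^:#]*):\s*PSK\s+"', raw)
        if m:
            yield m.group(1).split()


def has_psk_for(secrets_text, local_id, peer_id):
    """Simplified lookup: an entry with no index matches anyone, one index
    must equal the local ID, several indices must contain both IDs."""
    for idx in psk_index_sets(secrets_text):
        if not idx or (len(idx) == 1 and idx[0] == local_id):
            return True
        if len(idx) > 1 and local_id in idx and peer_id in idx:
            return True
    return False
```

With the posted secrets line the check returns False for the pair `@Server1FQDN` / `@Server2FQDN`, which corresponds to the "no preshared key found" line in the log; with the IDs spelled identically in both files it returns True.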

