[Openswan Users] no connection has been authorized with policy=PSK
Timo Nisula
timnis at iki.fi
Mon Sep 1 12:06:24 EDT 2008
Hi!
I try to use PSK with Openswan but I get the following error messages
(a.b.c.d=client with dynamic IP behind NAT, e.f.g.h=server's public
IP):
Sep 1 18:37:50 fw pluto[6597]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 1 18:37:50 fw pluto[6597]: packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 1 18:37:50 fw pluto[6597]: packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=PSK
Probably I have made some silly mistakes but I don't see them. I have
also tried to google the answer but haven't found any working solutions. My
server is CentOS 5.2 i386 with Shorewall 4.0.13 and Openswan 2.6.16
(same problem with 2.6.14). The Openswan configs are below.
Please guide me in the right direction.
-Timo
/etc/ipsec.conf
-----------------------8><--------------------------
version 2.0

config setup
    # plutodebug="control parsing"
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    nat_traversal=yes
    OE=off
    protostack=netkey

conn s60
    ike=aes256-sha1-modp1024
    phase2=esp
    phase2alg=aes256-sha1-modp1024
    auto=add
    keyingtries=3
    # modecfgpull=yes
    pfs=yes
    rekey=no
    left=%defaultroute
    leftsubnets=192.168.100.0/24,192.168.50.0/24
    leftid=e.f.g.h
    # leftmodecfgserver=yes
    right=%any
    rightid=s60@domain.com
    # rightmodecfgclient=yes
    authby=secret
-----------------------8><--------------------------
/etc/ipsec.secret
-----------------------8><--------------------------
: PSK "TheSecret"
-----------------------8><--------------------------