[Openswan Users] Openswan and Netgear SRXN3205
Paul Wouters
paul at xelerance.com
Thu Aug 27 19:09:19 EDT 2009
On Thu, 27 Aug 2009, JT Edwards wrote:
> 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: ignoring unknown
> Vendor ID payload [810fa565f8ab14369105d706fbd57279]
> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: ignoring
> unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: initial
> Aggressive Mode message from 22.210.33.11 but no (wildcard) connection has
> been configured with policy=PSK
>
> Both sides have the PSK identified
But apparently you do not have aggressive mode enabled and the other end is
asking for it.
> conn net-to-net
> left=11.231.29.12
> leftsubnet=192.168.1.0/24
> leftnexthop=%defaultroute
> right=22.210.33.11
> rightsubnet=192.168.122.0/24
> rightnexthop=%defaultroute
> auto=add # authorizes but doesn't start this
> # connection at startup
> authby=secret
Do NOT put blanc comment lines in the middle of a secion, it will mean the
section ended. So now your authby=secret is not part of "conn net-to-net".
So remove the "# connection at startup" line.
And add aggrmode=yes as the other end apparently is expecting that.
Paul
More information about the Users
mailing list