[Openswan Users] Openswan and Netgear SRXN3205
JT Edwards
tstrike34 at gmail.com
Fri Aug 28 17:26:00 EDT 2009
Paul,
I have aggressive mode set up and the PSKs shared....
I am still getting this error:
no (wildcard) connection has been configured with policy=PSK
Where is this policy located? My ipsec.secrets only contains the IPs of the
server and the router and the PSK secret
10.10.10.10 23.23.23.23: PSK "testtest"
I am going nuts.... heheheheh
JT
--------------------------------------------------
From: "Paul Wouters" <paul at xelerance.com>
Sent: Thursday, August 27, 2009 7:09 PM
To: "JT Edwards" <tstrike34 at gmail.com>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] Openswan and Netgear SRXN3205
> On Thu, 27 Aug 2009, JT Edwards wrote:
>
>> 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: ignoring
>> unknown Vendor ID payload [810fa565f8ab14369105d706fbd57279]
>> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500:
>> ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
>> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500:
>> initial Aggressive Mode message from 22.210.33.11 but no (wildcard)
>> connection has been configured with policy=PSK
>>
>> Both sides have the PSK identified
>
> But apparently you do not have aggressive mode enabled and the other end is
> asking for it.
>
>> conn net-to-net
>> left=11.231.29.12
>> leftsubnet=192.168.1.0/24
>> leftnexthop=%defaultroute
>> right=22.210.33.11
>> rightsubnet=192.168.122.0/24
>> rightnexthop=%defaultroute
>> auto=add # authorizes but doesn't start this
>> # connection at startup
>> authby=secret
>
> Do NOT put blank comment lines in the middle of a section, it will mean the
> section ended. So now your authby=secret is not part of "conn net-to-net".
> So remove the "# connection at startup" line.
>
> And add aggrmode=yes as the other end apparently is expecting that.
>
> Paul
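
The section-ending rule described in the reply above, as an added example that is not part of the original thread and not Openswan's own parser: a small lint that applies that rule as stated and reports parameters left outside any section. The function names are hypothetical and the indentation of the sample is an assumption, since the archive stripped it.

```python
# Constructed sample modelled on the quoted "conn net-to-net" section;
# the indentation is an assumption (the archive stripped it).
SAMPLE = """\
conn net-to-net
    left=11.231.29.12
    right=22.210.33.11
    auto=add              # authorizes but doesn't start this
                          # connection at startup
    authby=secret
"""

def lint_ipsec_conf(text):
    """Parse sections, applying the rule from the reply: a blank or
    comment-only line inside a section ends it. Returns (sections, orphans)."""
    sections, orphans = {}, []
    current = None        # name of the section currently open
    closed_by = None      # (section name, line number) of the last terminator
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            if current is not None:
                closed_by, current = (current, lineno), None
            continue
        if not raw[0].isspace():              # unindented line: section header
            current, closed_by = " ".join(stripped.split()[:2]), None
            sections[current] = {}
            continue
        key, _, value = stripped.partition("=")
        key, value = key.strip(), value.split("#", 1)[0].strip()
        if current is None:                   # parameter with no open section
            orphans.append({"line": lineno, "key": key, "value": value,
                            "ended": closed_by})
        else:
            sections[current][key] = value
    return sections, orphans

def missing_for_aggressive_psk(params):
    """Settings the reply asks for that are absent from a parsed section."""
    wanted = {"authby": "secret", "aggrmode": "yes"}
    return sorted(k for k, v in wanted.items() if params.get(k) != v)

if __name__ == "__main__":
    sections, orphans = lint_ipsec_conf(SAMPLE)
    for o in orphans:
        print(f"line {o['line']}: {o['key']}={o['value']} is outside any "
              f"section; ended by {o['ended']}")
    for name, params in sections.items():
        print(name, "missing:", missing_for_aggressive_psk(params))
```

On the sample it reports `authby=secret` on line 6 as orphaned by the comment-only line 5, and lists both `aggrmode` and `authby` as missing from `conn net-to-net`.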