[Openswan Users] Problem distinguishing roadwarrriors

Thomas Broda broda at billiger-mietwagen.de
Mon Jan 5 09:26:36 EST 2009 

Paul Wouters schrieb:

> But some logs would help to determine if this is the case.

I've attached an excerpt from the logs.

 > Since l2tp is in transport mode, and the linux clients are not, try
> adding an explicite type=transport to the roadwarriors-l2tp conn to
> see if that makes any difference.

hmm...adding "type=transport" didn't help.

I got the following, when I try to connect from a Windows L2TP
client..."samba3" refers to the following connection:

conn samba3
    authby=rsasig
    left=%defaultroute
    leftrsasigkey=%cert
    leftid= [...]
    leftcert=leftcert.pem
    leftsubnet=192.168.3.0/24
    right=%any
    rightrsasigkey=%cert
    rightid= [...]
    rightsubnetwithin=192.168.0.19/24
    auto=add

Actually, this connection should be picked:

conn roadwarrior-l2tp
    type=transport
    authby=secret
    type=transport
    rekey=no
    pfs=no
    keyingtries=1
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    auto=add


Log:

Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9:
responding to Main Mode from unknown peer 82.141.54.110
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9: policy
does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9: policy
does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9: policy
does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9:
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9:
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9: no
acceptable Oakley Transform
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110 #9:
sending notification NO_PROPOSAL_CHOSEN to 82.141.54.110:17
Jan  5 15:20:46 deimos pluto[9365]: "samba3"[4] 82.141.54.110: deleting
connection "samba3" instance with peer 82.141.54.110 {isakmp=#0/ipsec=#0}


Cheers,

-- 
Thomas

More information about the Users mailing list