[Openswan Users] PSK connection problems
Peter Smith
pete at citadelsecure.com
Thu Jun 25 20:06:35 EDT 2009
Hi All,
I'm trying to set up OpenSwan on a debian box to allow Windows XP
roadwarriors to connect. I'm trying with PSK first (I've been led to
believe that this is an easier option when first starting out).
Here's what I see in the logs when I attempt to connect from XP:
packet from 1.2.3.4:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000004]
packet from 1.2.3.4:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 1.2.3.4:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
packet from 1.2.3.4:500: ignoring Vendor ID payload [Vid-Initial-Contact]
"roadwarrior-a-psk"[3] 1.2.3.4 #3: responding to Main Mode from unknown
peer 1.2.3.4
"roadwarrior-a-psk"[3] 1.2.3.4 #3: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
"roadwarrior-a-psk"[3] 1.2.3.4 #3: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior-a-psk"[3] 1.2.3.4 #3: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
"roadwarrior-a-psk"[3] 1.2.3.4 #3: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2
"roadwarrior-a-psk"[3] 1.2.3.4 #3: STATE_MAIN_R2: sent MR2, expecting MI3
"roadwarrior-a-psk"[3] 1.2.3.4 #3: Main mode peer ID is ID_FQDN:
'@b-30876fff59d64'
"roadwarrior-a-psk"[3] 1.2.3.4 #3: switched from "roadwarrior-a-psk" to
"roadwarrior-a-psk"
"roadwarrior-a-psk"[4] 1.2.3.4 #3: deleting connection "roadwarrior-a-psk"
instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
"roadwarrior-a-psk"[4] 1.2.3.4 #3: I did not send a certificate because I
do not have one.
"roadwarrior-a-psk"[4] 1.2.3.4 #3: transition from state STATE_MAIN_R2 to
state STATE_MAIN_R3
"roadwarrior-a-psk"[4] 1.2.3.4 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp2048}
"roadwarrior-a-psk"[4] 1.2.3.4 #4: responding to Quick Mode {msgid:b9a83c80}
"roadwarrior-a-psk"[4] 1.2.3.4 #4: transition from state STATE_QUICK_R0 to
state STATE_QUICK_R1
"roadwarrior-a-psk"[4] 1.2.3.4 #4: STATE_QUICK_R1: sent QR1, inbound IPsec
SA installed, expecting QI2
"roadwarrior-a-psk"[4] 1.2.3.4 #4: transition from state STATE_QUICK_R1 to
state STATE_QUICK_R2
"roadwarrior-a-psk"[4] 1.2.3.4 #4: STATE_QUICK_R2: IPsec SA established
{ESP=>0x748ea2af <0x92e09dbb xfrm=3DES_0-HMAC_MD5 NATD=1.2.3.4:4500
DPD=none}
"roadwarrior-a-psk"[4] 1.2.3.4 #3: received Delete SA(0x748ea2af) payload:
deleting IPSEC State #4
"roadwarrior-a-psk"[4] 1.2.3.4 #3: received and ignored informational message
"roadwarrior-a-psk"[4] 1.2.3.4 #3: received Delete SA payload: deleting
ISAKMP State #3
"roadwarrior-a-psk"[4] 1.2.3.4: deleting connection "roadwarrior-a-psk"
instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
packet from 1.2.3.4:4500: received and ignored informational message
.... and my /etc/ipsec.conf:
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-a-psk
    type=transport
    authby=secret|rsasig
    pfs=no
    left=%defaultroute
    leftprotoport=17/0
    leftrsasigkey=%cert
    right=%any
    rightprotoport=17/0
    rightrsasigkey=%cert
    auto=add
    keyingtries=3

Am I missing something obvious? Any help greatly appreciated.
Thanks,
Pete
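
A triage script for a pluto log like the one in this post, added here as an example (it is not part of the original message and not Openswan code): it re-joins the mail-wrapped log lines and lists which SAs were established and which were then removed by a Delete SA payload from the peer. The sample lines are constructed from the log above, and the names `unwrap` and `sa_events` are assumptions.

```python
import re

# Constructed sample: a few records taken from the log in the post, mail wrapping kept.
SAMPLE = '''\
"roadwarrior-a-psk"[3] 1.2.3.4 #3: switched from "roadwarrior-a-psk" to
"roadwarrior-a-psk"
"roadwarrior-a-psk"[4] 1.2.3.4 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp2048}
"roadwarrior-a-psk"[4] 1.2.3.4 #4: STATE_QUICK_R2: IPsec SA established
{ESP=>0x748ea2af <0x92e09dbb xfrm=3DES_0-HMAC_MD5 NATD=1.2.3.4:4500
DPD=none}
"roadwarrior-a-psk"[4] 1.2.3.4 #3: received Delete SA(0x748ea2af) payload:
deleting IPSEC State #4
"roadwarrior-a-psk"[4] 1.2.3.4 #3: received Delete SA payload: deleting
ISAKMP State #3
'''

# A record starts with "conn"[instance] or "packet from"; any other line is a wrapped tail.
START = re.compile(r'^(?:"[^"]+"\[\d+\] |packet from )')
HEAD = re.compile(r'^"([^"]+)"\[(\d+)\] (\S+?)(?: #(\d+))?: (.*)$')
DELETE = re.compile(r'received Delete SA.*deleting (?:IPSEC|ISAKMP) State #(\d+)')

def unwrap(text):
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += ' ' + line.strip()
    return records

def sa_events(text):
    """Return (event, sa_kind, state_number) tuples in log order."""
    live, events = {}, []
    for rec in unwrap(text):
        m = HEAD.match(rec)
        if not m:
            continue
        state, msg = m.group(4), m.group(5)
        for kind in ('ISAKMP', 'IPsec'):
            if kind + ' SA established' in msg:
                live[state] = kind
                events.append(('established', kind, state))
        d = DELETE.search(msg)
        if d:
            events.append(('peer_deleted', live.pop(d.group(1), 'unknown'), d.group(1)))
    return events
```
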