[Openswan Users] Error using PSK

ubi_maior at infinito.it
Mon Nov 16 17:43:44 EST 2009


Hi all,
I would like to create a tunnel between these two sites:

Site A:
DrayTek router
WAN IP: A.B.C.D dynamic, registered by dyndns as mysite1.dydns.org
LAN Network IP: 10.9.10.0/24

Site B:
Linux box
WAN IP: a.b.c.d static registered as mysite2.mydomain.org

Site A should open the tunnel
Site B hosts openswan

========================================================

cat /etc/ipsec.conf 
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        #klipsdebug=none
        #plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.9.10.0/24
        oe=off
        # Enable this if you see "failed to find any available worker"
        nhelpers=0
        interfaces="%defaultroute"
        uniqueids=yes

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf

================================================================

cat /etc/ipsec.d/ToHome.conf 
conn ToHome
        left=66.249.23.229
        leftid=@green.soylent.info
        right=%any
        rightid=@mauog.dyndns.org
        rightsubnet=10.9.10.0/24
        authby=secret
        auto=add
=================================================================

cat /etc/ipsec.d/ipsec.secrets 
a.b.c.d %any: PSK "myPSKkey"
=================================================================

Looking at /var/log/secure I got this error:

Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [Dead Peer Detection]
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [RFC 3947] method set to=109 
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: initial Main Mode message received on a.b.c.d:500 but no connection has been authorized with policy=PSK

***Could you help me to solve it?

I've also noticed that pluto, on startup, listens on all network interfaces:

Nov 16 20:47:56 green pluto[6298]: listening for IKE messages
Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:500
Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:4500
Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 127.0.0.1:500
Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 127.0.0.1:4500
Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo ::1:500

***Would it be possible to tell Pluto to forget the loopback interface?


Thank You

Regards

Mauro
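Pluto only knows the conn sections it can reach from /etc/ipsec.conf through active include lines; a conn defined in a file that is never included cannot be matched against an incoming Main Mode proposal, whatever its authby setting. As an added example (not part of this thread and not Openswan's own code), a small Python audit that parses the ipsec.conf format shown above, follows include globs, and reports conn sections that exist on disk but are not reachable from the root file; the file contents below are a constructed sample modelled on the post.

```python
import fnmatch
import re

# Constructed sample mirroring the post: the include line is commented out,
# so /etc/ipsec.d/ToHome.conf is never read when pluto starts.
FILES = {
    "/etc/ipsec.conf": """version 2.0
config setup
        protostack=netkey
        nat_traversal=yes
#include /etc/ipsec.d/*.conf
""",
    "/etc/ipsec.d/ToHome.conf": """conn ToHome
        left=66.249.23.229
        leftid=@green.soylent.info
        right=%any
        authby=secret
        auto=add
""",
}

def parse(files, path, sections=None):
    """Parse an ipsec.conf tree: column-0 lines open a section or an include,
    indented key=value lines belong to the section currently open."""
    sections = {} if sections is None else sections
    current = None
    for raw in files.get(path, "").splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        if line[0].isspace():                       # parameter line
            if current is not None and "=" in line:
                k, v = line.strip().split("=", 1)
                sections[current][k.strip()] = v.strip().strip('"')
            continue
        words = line.split()
        if words[0] == "include" and len(words) == 2:   # follow glob includes
            for p in sorted(f for f in files if fnmatch.fnmatch(f, words[1])):
                parse(files, p, sections)
        elif words[0] in ("conn", "config") and len(words) == 2:
            current = f"{words[0]} {words[1]}"
            sections.setdefault(current, {})
    return sections

def unloaded_conns(files, root="/etc/ipsec.conf"):
    """conn names defined somewhere in the tree but unreachable from root."""
    loaded = {s.split()[1] for s in parse(files, root) if s.startswith("conn ")}
    defined = set()
    for text in files.values():
        defined.update(re.findall(r"^conn\s+(\S+)", text, re.M))
    return sorted(defined - loaded)
```

Feed the function the real files (for example by reading them into the same dict) and an empty result means every conn on disk is reachable from the root configuration.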



