[Openswan Users] Error using PSK
simon charles
charlessimon at hotmail.com
Mon Nov 16 17:55:55 EST 2009
Your ipsec.secrets file is in the wrong directory
> cat /etc/ipsec.d/ipsec.secrets
> a.b.c.d %any: PSK "myPSKkey"
It needs to be "/etc/ipsec.secrets"
- Simon Charles -
> Date: Mon, 16 Nov 2009 23:43:44 +0100
> To: users at openswan.org
> From: ubi_maior at infinito.it
> Subject: [Openswan Users] Error using PSK
>
> Hi all,
> I would like to create a tunnel between these two sites:
>
> Site A:
> DrayTek router
> WAN IP: A.B.C.D dynamic registered by dyndns as mysite1.dydns.org
> LAN Network IP: 10.9.10.0/24
>
> Site B:
> Linux box
> WAN IP: a.b.c.d static registered as mysite2.mydomain.org
>
> Site A should open the tunnel
> Site B hosts openswan
>
> ========================================================
>
> cat /etc/ipsec.conf
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     #klipsdebug=none
>     #plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     protostack=netkey
>     nat_traversal=yes
>     virtual_private=%v4:10.9.10.0/24
>     oe=off
>     # Enable this if you see "failed to find any available worker"
>     nhelpers=0
>     interfaces="%defaultroute"
>     uniqueids=yes
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> #include /etc/ipsec.d/*.conf
>
> ================================================================
>
> cat /etc/ipsec.d/ToHome.conf
> conn ToHome
>     left=66.249.23.229
>     leftid=@green.soylent.info
>     right=%any
>     rightid=@mauog.dyndns.org
>     rightsubnet=10.9.10.0/24
>     authby=secret
>     auto=add
> =================================================================
>
> cat /etc/ipsec.d/ipsec.secrets
> a.b.c.d %any: PSK "myPSKkey"
> =================================================================
>
> Looking at /var/log/secure I got this error:
>
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [Dead Peer Detection]
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [RFC 3947] method set to=109
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
> method 109
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
> method 109
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using
> method 109
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: received Vendor
> ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Nov 16 21:58:59 green pluto[11263]: packet from A.B.C:D:500: initial Main
> Mode message received on a.b.c.d:500 but no connection has been authorized
> with policy=PSK
>
> ***Could you help me to solve it?
>
> I've also noticed that pluto, when starting up, listens on all network interfaces:
>
> Nov 16 20:47:56 green pluto[6298]: listening for IKE messages
> Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:500
> Nov 16 20:47:56 green pluto[6298]: adding interface eth0/eth0 a.b.c.d:4500
> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 127.0.0.1:500
> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo 127.0.0.1:4500
> Nov 16 20:47:56 green pluto[6298]: adding interface lo/lo ::1:500
>
> ***Would it be possible to tell Pluto to forget the loopback interface?
>
>
> Thank You
>
> Regards
>
> Mauro
>
>
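A layout check for the files quoted in this thread, added here as an example and not part of the original messages or of Openswan: it follows active `include` lines from `/etc/ipsec.conf` and `/etc/ipsec.secrets` and reports `conn` sections and PSK entries sitting in files that neither one reaches. The in-memory file map is a constructed sample modelled on the quoted configuration, and the function names are hypothetical.

```python
import fnmatch
import re

# Constructed sample mirroring the layout quoted in the thread (path -> text).
SAMPLE_FILES = {
    "/etc/ipsec.conf": (
        "version 2.0\n"
        "config setup\n"
        "    protostack=netkey\n"
        "#include /etc/ipsec.d/*.conf\n"
    ),
    "/etc/ipsec.d/ToHome.conf": "conn ToHome\n    authby=secret\n    auto=add\n",
    "/etc/ipsec.d/ipsec.secrets": 'a.b.c.d %any: PSK "myPSKkey"\n',
}

# An include is active only when it is not commented out with '#'.
INCLUDE_RE = re.compile(r"^[ \t]*include[ \t]+(\S+)", re.MULTILINE)
CONN_RE = re.compile(r"^conn[ \t]+(\S+)", re.MULTILINE)
PSK_RE = re.compile(r":[ \t]*PSK[ \t]")


def reachable(files, root):
    """Return the paths read when starting at root and following includes."""
    seen, todo = set(), [root]
    while todo:
        path = todo.pop()
        if path in seen or path not in files:
            continue
        seen.add(path)
        for pattern in INCLUDE_RE.findall(files[path]):
            # Simplification: fnmatch lets '*' cross '/', unlike a shell glob.
            todo.extend(p for p in files if fnmatch.fnmatchcase(p, pattern))
    return seen


def audit(files):
    """List conn and PSK definitions located in files that are never read."""
    loaded = reachable(files, "/etc/ipsec.conf") | reachable(files, "/etc/ipsec.secrets")
    findings = []
    for path in sorted(set(files) - loaded):
        for name in CONN_RE.findall(files[path]):
            findings.append(f"{path}: conn {name} is not included from /etc/ipsec.conf")
        if PSK_RE.search(files[path]):
            findings.append(f"{path}: PSK entry is not read via /etc/ipsec.secrets")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FILES)) or "layout OK")
```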