[Openswan Users] No connection has been authorized with policy=RSASIG

William Heath wgheath at gmail.com
Thu Sep 24 22:24:59 EDT 2009


Hi All,
Working on setting up IPsec on AWS EC2. Here are my config files:

ec2:

/etc/ipsec.conf:

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

include /etc/ipsec.d/*.conf

/etc/ipsec.d/testhtoh.conf

conn testhtoh
        leftid=@ec2
        left=10.251.xxx.xxx
        leftrsasigkey=0sAQOq9...
        rightid=@nonec2
        right=38.104.xxx.xxx
        rightrsasigkey=0sAQOI...
        authby=rsasig
        auto=start

non-ec2 server:

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

include /etc/ipsec.d/*.conf

/etc/ipsec.d/testhtoh.conf

conn testhtoh
        leftid=@ec2
        left=67.202.xxx.xxx
        leftrsasigkey=0sAQOq9wV...
        leftsubnet=vhost:%priv
        rightid=@nonec2
        right=%any
        rightrsasigkey=0sAQOI...
        authby=rsasig
        auto=add
        rekey=no

on the non-ec2 server I run:

ipsec auto --add testhtoh

023 virtual IP must only be used with %any and without client

037 attempt to load incomplete connection


I believe because this fails I get:


Sep 24 19:01:31 fx-5 pluto[24473]: packet from 67.202.6.171:500: initial
Main Mode message received on 38.104.134.226:500 but no connection has been
authorized with policy=RSASIG


when I run ipsec auto --up testhtoh on ec2


I was following the advice given here:


http://wiki.openswan.org/index.php/Openswan/FAQ#a89


What else can I try?


-Tim


P.S.


Thanks for this help!
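The `023 virtual IP must only be used with %any and without client` message quoted above states the rule directly: a `vhost:`/`vnet:` virtual subnet is only accepted on the end whose host is `%any`, so Openswan refuses the conn when the virtual IP sits on the fixed-address `left` end. The following script is an added example, not part of the original post or of Openswan; it parses `conn` sections in ipsec.conf syntax and flags that misplacement. The "fixed" variant embedded in it, which moves `vhost:%priv` to the `%any` side as `rightsubnet`, is my own assumption about the intended layout, derived from the error text rather than confirmed by the thread; the key values are the truncated placeholders from the post.

```python
"""Lint ipsec.conf-style conn sections for the virtual-IP placement rule
behind '023 virtual IP must only be used with %any and without client'.
Added example; not the original post's file and not Openswan's own code."""
import re

# Constructed sample: the non-ec2 side's conn as posted (keys truncated).
BROKEN_CONF = """\
conn testhtoh
        leftid=@ec2
        left=67.202.xxx.xxx
        leftrsasigkey=0sAQOq9wV...
        leftsubnet=vhost:%priv
        rightid=@nonec2
        right=%any
        rightrsasigkey=0sAQOI...
        authby=rsasig
        auto=add
        rekey=no
"""

# Assumed corrected variant: the virtual subnet moves to the %any end.
FIXED_CONF = BROKEN_CONF.replace("leftsubnet=vhost:%priv",
                                 "rightsubnet=vhost:%priv")


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section in text.
    '#' comments and blank lines are ignored; other top-level directives
    such as 'config setup' or 'include' end the current section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        if not line[0].isspace():
            current = None          # top-level directive, not a conn setting
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def check_virtual_ip(conn):
    """Return a list of problems for one conn. Rule taken from the error
    message: a 'vhost:' or 'vnet:' subnet is only allowed on an end whose
    host address is %any."""
    problems = []
    for end in ("left", "right"):
        subnet = conn.get(end + "subnet", "")
        if subnet.startswith(("vhost:", "vnet:")) and conn.get(end) != "%any":
            problems.append(
                f"{end}subnet={subnet} but {end}={conn.get(end)!r}: "
                f"virtual IP must be on the end whose host is %any")
    return problems


def lint(text):
    """Map each conn name to its list of problems (empty list = clean)."""
    return {name: check_virtual_ip(c) for name, c in parse_conns(text).items()}


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        for name, probs in lint(conf).items():
            print(f"[{label}] conn {name}: {probs or 'ok'}")
```

Run it against a real `/etc/ipsec.d/*.conf` by reading the file contents into `lint()`; a non-empty list for a conn reproduces the condition that makes `ipsec auto --add` report an incomplete connection, which in turn is why pluto later finds no connection authorized for the incoming Main Mode exchange.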