[Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK

JP CR jprollerskate at hotmail.com
Fri Dec 31 19:58:03 EST 2010


Hello,

Making a primitive test.

I have a home LAN with two machines, one WinXP and the other Ubuntu 10.1 (v 1:2.6.23+dfsg-1ubuntu1, kernel: 2.6.32-17-generic).
WinXP IP is 192.170.1.3
Ubuntu: 192.170.1.4
Gateway for both is 192.170.1.1
No firewalls are installed on either machine.

a.) I am following the guidance of: http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
b.) This is my ipsec.conf (comments removed):
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        protostack=netkey

include /etc/ipsec.d/l2tp-psk.conf

c.) This is my /etc/ipsec.d/l2tp-psk.conf

conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        # we cannot rekey for %any, let client rekey
        rekey=no
        # Set ikelifetime and keylife to same defaults windows has
        ikelifetime=8h
        keylife=1h
        # l2tp-over-ipsec is transport mode
        type=transport
        left=192.170.1.1
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/0

conn passthrough-for-non-l2tp
        type=passthrough
        left=192.170.1.4
        leftnexthop=192.170.1.1
        right=0.0.0.0/24
        rightsubnet=0.0.0.0/0
        auto=route

d.) This is my /etc/ipsec.secrets

192.170.1.4 %any: PSK "password"


I am using the native WinXP VPN connection to test. I made sure that I set the preshared key and told it to use a PSK; however, I keep getting this error:

pluto[7752]: packet from 192.170.1.3:500: initial Main Mode message received on 192.170.1.4:500 but no connection has been authorized with policy=PSK

I expect to see:

STATE_QUICK_R2: IPsec SA established

I tried searching Google, made sure right is %any... and tried lots of things, but no joy.

Thanks
Gunther
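
A check a reader could run against the configuration posted above, as an added example that is not part of the original message and is not Openswan code. It assumes pluto can only select a conn when its left= or right= is an address of the local host, which is a simplification, and the function names are hypothetical. CONF is the posted l2tp-psk.conf abridged to the keys the check reads, and 192.170.1.4 is the address named in the log line.

```python
import re

# /etc/ipsec.d/l2tp-psk.conf from the post, abridged to the keys checked below.
CONF = """\
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        auto=add
        type=transport
        left=192.170.1.1
        right=%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line.startswith("config"):
            current = None                    # "config setup" is not a conn
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge in the section named by also=; the conn's own keys win."""
    own = dict(conns[name])
    parent = own.pop("also", None)
    if parent in conns and parent not in seen:
        return {**resolve(conns, parent, seen + (name,)), **own}
    return own

def psk_conns_not_local(text, local_ip):
    """Names of loaded PSK conns where neither left nor right is local_ip."""
    conns = parse_conns(text)
    bad = []
    for name in conns:
        c = resolve(conns, name)
        if c.get("authby") == "secret" and c.get("auto") in ("add", "start", "route"):
            if local_ip not in (c.get("left"), c.get("right")):
                bad.append(name)
    return bad
```

For the posted file and local address 192.170.1.4, both PSK conns are reported, because left= is the gateway 192.170.1.1 and right= is %any.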




 		 	   		  