[Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK

Willie Gillespie wgillespie+openswan at es2eng.com
Fri Dec 31 21:05:54 EST 2010


As a quick test, what happens if you comment out your 
"passthrough-for-non-l2tp" connection?  Is it able to find a connection 
to use then?

On 12/31/2010 05:58 PM, JP CR wrote:
> Hello,
>
> Making a primitive test.
>
> I have a home LAN, two machines, one WinXP and the other Ubuntu 10.1 v
> 1:2.6.23+dfsg-1ubuntu1 kernel: 2.6.32-17-generic
> WinXP IP is 192.170.1.3
> Ubuntu: 192.170.1.4
> Gateway for both is 192.170.1.1
> No firewalls installed on either machine.
>
> a.) I am following the guidance of:
> http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
> b.) This is my ipsec.conf (comments removed):
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>     oe=off
>     protostack=netkey
>
> include /etc/ipsec.d/l2tp-psk.conf
>
> c.) This is my /etc/ipsec.d/l2tp-psk.conf
>
> conn L2TP-PSK-NAT
>     rightsubnet=vhost:%priv
>     also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=3
>     # we cannot rekey for %any, let client rekey
>     rekey=no
>     # Set ikelifetime and keylife to same defaults windows has
>     ikelifetime=8h
>     keylife=1h
>     # l2tp-over-ipsec is transport mode
>     type=transport
>     left=192.170.1.1
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/0
>
> conn passthrough-for-non-l2tp
>     type=passthrough
>     left=192.170.1.4
>     leftnexthop=192.170.1.1
>     right=0.0.0.0/24
>     rightsubnet=0.0.0.0/0
>     auto=route
>
> d.) This is my /etc/ipsec.secrets
>
> 192.170.1.4 %any: PSK "password"
>
>
> I am using the native WinXP VPN connection to test. I made sure that I
> set the preshared key and told it to use a PSK; however, I keep getting
> that error:
> pluto[7752]: packet from 192.170.1.3:500: initial Main Mode message received on 192.170.1.4:500 but no connection has been authorized with policy=PSK
> I expect to see: |STATE_QUICK_R2: IPsec SA established|
>
> I tried searching Google, made sure right is %any... and tried lots of
> things but no joy.
>
> Thanks
> Gunther