[Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK

JP CR jprollerskate at hotmail.com
Fri Dec 31 22:10:59 EST 2010


The secrets is included in my original post... it's present the way you specify.


Subject: RE: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK
Date: Fri, 31 Dec 2010 18:37:06 -0800
From: rwyatt at nvtl.com
To: jprollerskate at hotmail.com; wgillespie+openswan at es2eng.com; users at openswan.org

Did you check your ipsec.secrets file?

It should be

192.170.1.4 %any : PSK ""

or something to that effect.

Randy

-----Original Message-----
From: users-bounces at openswan.org on behalf of JP CR
Sent: Fri 12/31/2010 6:34 PM
To: wgillespie+openswan at es2eng.com; users at openswan.org
Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK

Same result. Same error.
I can comment out the rest of the connections and I still get the same error.

In fact I can comment out the entire l2tp-psk.conf include in ipsec.conf and I still get the same error. Not sure what this means..

> Date: Fri, 31 Dec 2010 19:05:54 -0700
> From: wgillespie+openswan at es2eng.com
> To: jprollerskate at hotmail.com
> CC: users at openswan.org
> Subject: Re: [Openswan Users] Simplest ipsec config with PSK insists that I have no connection authorized with policy=PSK
>
> As a quick test, what happens if you comment out your
> "passthrough-for-non-l2tp" connection? Is it able to find a connection
> to use then?
>
> On 12/31/2010 05:58 PM, JP CR wrote:

> > Hello,
> >
> > Making a primitive test.
> >
> > I have a home LAN with two machines, one WinXP and the other Ubuntu 10.1 v
> > 1:2.6.23+dfsg-1ubuntu1 kernel: 2.6.32-17-generic
> > WinXP IP is 192.170.1.3
> > Ubuntu: 192.170.1.4
> > Gateway for both is 192.170.1.1
> > No firewalls installed on either machine.
> >
> > a.) I am following the guidance of:
> > http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
> > b.) This is my ipsec.conf (comments removed):
> > version 2.0 # conforms to second version of ipsec.conf specification
> >
> > # basic configuration
> > config setup
> >     nat_traversal=yes
> >     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
> >     oe=off
> >     protostack=netkey
> >
> > include /etc/ipsec.d/l2tp-psk.conf
> >
> > c.) This is my /etc/ipsec.d/l2tp-psk.conf
> >
> > conn L2TP-PSK-NAT
> >     rightsubnet=vhost:%priv
> >     also=L2TP-PSK-noNAT
> >
> > conn L2TP-PSK-noNAT
> >     authby=secret
> >     pfs=no
> >     auto=add
> >     keyingtries=3
> >     # we cannot rekey for %any, let client rekey
> >     rekey=no
> >     # Set ikelifetime and keylife to same defaults windows has
> >     ikelifetime=8h
> >     keylife=1h
> >     # l2tp-over-ipsec is transport mode
> >     type=transport
> >     left=192.170.1.1
> >     leftprotoport=17/1701
> >     right=%any
> >     rightprotoport=17/0
> >
> > conn passthrough-for-non-l2tp
> >     type=passthrough
> >     left=192.170.1.4
> >     leftnexthop=192.170.1.1
> >     right=0.0.0.0/24
> >     rightsubnet=0.0.0.0/0
> >     auto=route
> >
> > d.) This is my /etc/ipsec.secrets
> >
> > 192.170.1.4 %any: PSK "password"
> >
> >
> > I am using the native WinXP VPN connection to test. I made sure that I
> > set the preshared key and told it to use a PSK, however I keep getting
> > that error: pluto[7752]: packet from 192.170.1.3:500: initial Main Mode
> > message received on 192.170.1.4:500 but no connection has been
> > authorized with policy=PSK
> > I expect to see: |STATE_QUICK_R2: IPsec SA established|
> >
> > I tried searching Google, made sure right is %any... and tried lots of
> > things but no joy.
> >
> > Thanks
> > Gunther
