[Openswan Users] Openswan AND fortigate 60b Vs Iptables

Willie Gillespie wgillespie+openswan at es2eng.com
Thu Jul 8 23:17:47 EDT 2010


I haven't been following your entire thread, but I'll try and explain 
the error below and maybe you can figure out why it's occurring.

See my responses below.

Ing. Rodrigo Fernandez wrote:
> When I got a disconnection I got the weird message of "no connection has 
> been authorized by policy = PSK" but I have discovered that if I restart 
> the daemon itself the tunnel goes up again, or maybe we can see why the 
> tunnel doesn't go up? By the way I'm running IPsec U2.6.27/K2.6.20.21
> 
> I'm sending my log:
> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 
> 189.136.*.206:500: received Vendor ID payload [RFC 3947] method set to=109

<snip>

> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | nat-t detected, 
> sending nat-t VID
> 
> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 
> called from main_inI1_outR1, me=189.233.*.51:500 him=189.136.*.206:500 
> policy=none
> 
> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: 
> comparing to 189.233.*.51:500 187.145.*.141:500
> 
> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair_conn 
> (find_host_connection2): 189.233.*.51:500 189.136.*.206:500 -> hp:none
> 
> Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 
> returns empty

So you have an incoming connection from 189.136.*.206, but when Openswan 
compares it to your configuration files, it only sees the left/right 
combination of 189.233.*.51/187.145.*.141.

It uses the policy line you see later to further limit the connections.
It is looking for a connection that uses authby=secret (pre-shared
keys) in this case.

Willie
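
The reading of the log explained above can be automated. The following is an added example, not part of the original message and not Openswan code: it scans pluto debug output for host-pair lookups that end in "returns empty" and reports the incoming peer next to the peers pluto actually compared against. The function name and record fields are hypothetical, and the sample input is the set of lines quoted in this thread, unwrapped onto single lines.

```python
import re

# Sample input: the pluto debug lines quoted in the thread, unwrapped onto
# single lines (addresses stay masked with '*' exactly as posted).
SAMPLE_LOG = """\
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500 him=189.136.*.206:500 policy=none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair_conn (find_host_connection2): 189.233.*.51:500 189.136.*.206:500 -> hp:none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 returns empty
"""

ADDR = r"([0-9*.]+):(\d+)"  # masked IPv4 address and port, as in the log
CALLED = re.compile(r"find_host_connection2 called from (\S+), me=" + ADDR
                    + r" him=" + ADDR + r" policy=(\S+)")
COMPARE = re.compile(r"find_host_pair: comparing to " + ADDR + r" " + ADDR)
EMPTY = re.compile(r"find_host_connection2 returns empty")


def unmatched_peers(log_text):
    """Return one record per host-pair lookup that ended in 'returns empty'."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = CALLED.search(line)
        if m:  # a new lookup starts; any unfinished one found a match
            current = {"state": m.group(1), "me": m.group(2), "him": m.group(4),
                       "policy": m.group(6), "configured_peers": []}
            continue
        if current is None:
            continue
        m = COMPARE.search(line)
        if m:  # assumption: second address is the remote end (me/him order)
            current["configured_peers"].append(m.group(3))
        elif EMPTY.search(line):
            findings.append(current)
            current = None
    return findings


if __name__ == "__main__":
    for f in unmatched_peers(SAMPLE_LOG):
        print(f"{f['him']} reached {f['state']} (policy={f['policy']}); "
              f"pluto only compared against {f['configured_peers']}")
```
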

