[Openswan Users] weird case of policy=PSK

Ing. Rodrigo Fernandez rfernandez_net at yahoo.com.mx
Thu Jun 24 23:52:32 EDT 2010


Hi all!! I have set up a VPN between an Openswan and a Fortigate 60B, but I
get the following error log:

Jun 24 22:30:54 excalibur-dyndns pluto[15953]: packet from *.*.*.*:500:
initial Main Mode message received on *.*.*.*:500 but no connection has been
authorized with policy=PSK

The weird thing is that if I "restart" the ipsec daemon the tunnel comes up,
but after a few hours I get the message again. What could my mistake be? I'll
send the config:

conn netcafe
        auth=esp
        authby=secret
        auto=start
        esp=3des-md5!
        ikelifetime=1800s
        keyingtries=10
        keylife=28800s
        left=192.9.201.254
        leftid=192.9.201.254
        leftnexthop=192.9.201.254
        leftsubnet=192.9.201.0/24
        right=mydyndns.org.site
        rightid=%any
        rightnexthop=10.0.254.254
        rightsubnet=10.0.254.0/24
        ike=3des-md5!
        keyexchange=ike
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold

and my ipsec.secrets:

: PSK "mypassword"

My ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Do not set debug options to debug configuration issues!
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
        # eg:
        # plutodebug="control parsing"
        #
        # enable to get logs per-peer
        # plutoopts="--perpeerlog"
        #
        # Again: only enable plutodebug or klipsdebug when asked by a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. netkey,klips,mast,auto or none
        protostack=netkey

# Add connections here
include /etc/ipsec.d/*.conf

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

As you can see, I include another *.conf for my tunnelling schema, and the
tunnel connects, but I always get this weird message. Any ideas?

Any help will be appreciated.
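The script below is an added diagnostic written for this archive page; it is not part of the original post and not Openswan code. It reproduces what pluto must find before it accepts an inbound Main Mode packet: a conn whose authby matches the policy the peer proposes (PSK here means authby=secret), whose right= matches the source address of the packet, and a PSK that is selectable for that peer. The caveat it encodes is that pluto resolves a hostname in right= when the conn is added, not on every packet, so a DynDNS peer whose address changed after "ipsec start" keeps failing with exactly the posted message until the conn is reloaded, which is one cause consistent with "restart fixes it for a few hours". The log line, conn and secrets file are the ones posted; the documentation-range IP addresses and the two DNS snapshots are constructed assumptions so it runs offline.

```python
"""Added example (not from the post or Openswan): check what pluto needs
before it will match an inbound Main Mode packet to a PSK conn.  pluto
matches the packet's source address against each conn's right= and needs
authby to match the proposed policy; a hostname in right= is resolved when
the conn is added, not per packet."""
import ipaddress
import re

# Constructed: the posted log line with documentation-range addresses in
# place of the masked "*.*.*.*".
PLUTO_LOG = (
    "Jun 24 22:30:54 excalibur-dyndns pluto[15953]: packet from 203.0.113.77:500: "
    "initial Main Mode message received on 198.51.100.10:500 but no connection "
    "has been authorized with policy=PSK"
)
# The conn as posted, trimmed to the settings that matter for matching.
IPSEC_CONF = """\
conn netcafe
        authby=secret
        auto=start
        left=192.9.201.254
        leftid=192.9.201.254
        right=mydyndns.org.site
        rightid=%any
"""
IPSEC_SECRETS = ': PSK "mypassword"\n'   # wildcard entry, as posted
# Constructed DNS snapshots: the name when the conn was loaded, and now.
DNS_AT_LOAD = {"mydyndns.org.site": "203.0.113.5"}
DNS_NOW = {"mydyndns.org.site": "203.0.113.77"}

LOG_RE = re.compile(r"packet from (?P<peer>[0-9.]+):\d+: .*"
                    r"no connection has been authorized with policy=(?P<policy>\w+)")


def parse_log(line):
    """Return (peer_ip, policy) from the pluto message, or None."""
    m = LOG_RE.search(line)
    return (m["peer"], m["policy"]) if m else None


def parse_conns(text):
    """Minimal ipsec.conf reader: {conn: {key: value}}; no also=/%default support."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = line.split(None, 1)[1].strip()
            conns[cur] = {}
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            conns[cur][key.strip()] = val.strip()
    return conns


def parse_secrets(text):
    """Return [(index_ids, kind)] per ipsec.secrets line; empty ids = wildcard."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # assumes no '#' inside the secret
        if ":" in line:
            ids, rest = line.split(":", 1)
            entries.append((ids.split(), rest.split()[0] if rest.split() else ""))
    return entries


def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def diagnose(log_line, conf_text, secrets_text, dns_at_load, dns_now):
    """Return (conn, code, detail) findings; [] means the posted material
    is consistent with the packet matching a PSK conn."""
    parsed = parse_log(log_line)
    if parsed is None:
        raise ValueError("not a 'no connection has been authorized' line")
    peer, policy = parsed
    wanted = {"PSK": "secret", "RSASIG": "rsasig"}.get(policy)
    # Only conns whose authby matches the logged policy are candidates
    # (Openswan's default authby is rsasig).
    cands = {n: c for n, c in parse_conns(conf_text).items()
             if c.get("authby", "rsasig") == wanted}
    if not cands:
        return [("-", "NO_CONN_FOR_POLICY", f"no conn has authby={wanted}")]
    findings = []
    for name, c in cands.items():
        right = c.get("right", "")
        if right.startswith("%"):            # %any / %defaultroute accept any peer
            continue
        loaded = right if is_ip(right) else dns_at_load.get(right)
        if loaded == peer:
            continue
        if is_ip(right):
            findings.append((name, "PEER_MISMATCH", f"right={right}, packet from {peer}"))
        else:
            now = dns_now.get(right)
            fix = ("re-adding the conn would pick up the new address" if now == peer
                   else f"now resolves to {now}")
            findings.append((name, "STALE_DNS",
                             f"right={right} loaded as {loaded}, packet from {peer}; {fix}"))
    if policy == "PSK":
        # The PSK must be selectable for this peer: a wildcard line, or one
        # indexed by the peer's address or %any.
        usable = any(kind == "PSK" and (not ids or peer in ids or "%any" in ids)
                     for ids, kind in parse_secrets(secrets_text))
        if not usable:
            findings.append(("-", "NO_SECRET", f"no PSK entry covers {peer}"))
    return findings


if __name__ == "__main__":
    for finding in diagnose(PLUTO_LOG, IPSEC_CONF, IPSEC_SECRETS, DNS_AT_LOAD, DNS_NOW):
        print(*finding)
```

Run against the posted material with the constructed DNS snapshots, it reports one finding for conn netcafe, STALE_DNS, because the address pluto held for mydyndns.org.site is not the address the packet came from while the current resolution is; with a matching snapshot it reports nothing, and with a secrets file indexed to some other address it reports NO_SECRET. The parser is deliberately minimal (no also=, %default or included files), so point it at the single /etc/ipsec.d/*.conf that defines the conn.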
