[Openswan Users] weird case of policy=PSK

Paul Wouters paul at xelerance.com
Fri Jun 25 10:34:21 EDT 2010


On Thu, 24 Jun 2010, Ing. Rodrigo Fernandez wrote:

> Hi all!! I have set up a vpn between a openswan and a fortigate 60b, but I got the next error log:
> 
> Jun 24 22:30:54 excalibur-dyndns pluto[15953]: packet from *.*.*.*:500: initial Main Mode message received on *.*.*.*:500 but
> no connection has been authorized with policy=PSK
> 
> The weird case its if I “restart” the ipsec daemon the tunnel goes up but will pass a few hours and then I get again the
> message, what will be my mistake? Ill send the config:

This can be the case when initiator and responder roles switch, and one end is not as
forgiving as the openswan end. you might need to add a plutodebug=all to find out
the details of the refused packet.

Either that, or another bug on the remote device. With a log of the failure event,
we should be able to tell you more.

Paul



More information about the Users mailing list