[Openswan Users] when protostack=mast ==> no connection has been authorized with policy=PSK!!!

Paul Wouters paul at xelerance.com
Sat Jun 26 19:56:08 EDT 2010

On Sun, 27 Jun 2010, Majid Khonji wrote:

> When i use protostack=mast
> I get the following error (when i connect a client)
> packet from initial Main Mode message received on but no connection has been authorized with
> policy=PSK

Do you have a mast0 interface? Does it have the same ip as your external ip?

> mast0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
>           inet addr:  Mask:

> conn road

> left=
> leftsubnet=

> conn road-l2tp
> also=road

That is not going to work because l2tp does not use a subnet= on the
server side. Please see examples in /etc/ipsec.d/examples/l2tp*

> #because Mac clients don't like 1701
> rightprotoport=17/1701

That should be 17/%any

> conn road-l2tp-mac

A separate conn should not be needed.


More information about the Users mailing list