[Openswan Users] when protostack=mast ==> no connection has been authorized with policy=PSK!!!

Paul Wouters paul at xelerance.com
Sat Jun 26 19:56:08 EDT 2010


On Sun, 27 Jun 2010, Majid Khonji wrote:

> When I use protostack=mast
> I get the following error (when I connect a client)
> packet from 10.0.0.1:500: initial Main Mode message received on 10.0.0.105:500 but no connection has been authorized with
> policy=PSK


Do you have a mast0 interface? Does it have the same IP as your external IP?

> mast0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
>           inet addr:10.0.0.105  Mask:255.255.255.255

> conn road

> left=10.0.0.105
> leftsubnet=10.0.0.0/24

> conn road-l2tp
> also=road

That is not going to work because l2tp does not use a subnet= on the
server side. Please see examples in /etc/ipsec.d/examples/l2tp*

> #because Mac clients don't like 1701
> rightprotoport=17/1701

That should be 17/%any

> conn road-l2tp-mac

A separate conn should not be needed.

Paul
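
Added example (not part of the original message and not Openswan code): a small Python check that follows `also=` inheritance and flags the two L2TP settings the reply corrects. It assumes `left=` is the server side, as in the thread, and one `also=` per conn; the function names and the sample config are constructed for illustration.

```python
# SAMPLE_CONF is constructed from the fragments quoted in the thread.
SAMPLE_CONF = """\
conn road
    left=10.0.0.105
    leftsubnet=10.0.0.0/24

conn road-l2tp
    also=road
    #because Mac clients don't like 1701
    rightprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():          # unindented line starts a new section
            parts = raw.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in raw:
            key, value = raw.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Settings of a conn after following also= (assumes one also= per conn)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = conns[name]
    merged = effective(conns, own["also"], seen + (name,)) if "also" in own else {}
    merged.update((k, v) for k, v in own.items() if k != "also")
    return merged

def lint_l2tp(text):
    """Return (conn, key, advice) findings; assumes left= is the server side."""
    conns, findings = parse_conns(text), []
    for name in conns:
        eff = effective(conns, name)
        ports = [eff.get("leftprotoport", ""), eff.get("rightprotoport", "")]
        if not any(p.startswith("17/") for p in ports):
            continue                      # no UDP protoport: not an L2TP conn
        if "leftsubnet" in eff:
            findings.append((name, "leftsubnet", "remove; check also= parents"))
        if eff.get("rightprotoport") == "17/1701":
            findings.append((name, "rightprotoport", "use 17/%any"))
    return findings
```

Calling `lint_l2tp(SAMPLE_CONF)` reports `road-l2tp` for both settings, including the `leftsubnet` it only inherits from `road` through `also=`.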

