[Openswan Users] when protostack=mast ==> no connection has been authorized with policy=PSK!!!

Majid Khonji majid at khonji.org
Sun Jun 27 03:37:26 EDT 2010


Yes, I have a mast0 interface with the same IP as eth0 (not exactly the
external one, since I have a NAT router at my home GW).
I actually want to narrow down the problem to IPsec only. I want
to establish a secure SA using mast (multiple clients behind a NAT); after
that I will solve the other issues. (I actually succeeded with netkey and
xl2tp on a Linux client and an Android phone.)



On Sun, Jun 27, 2010 at 3:56 AM, Paul Wouters <paul at xelerance.com> wrote:

> On Sun, 27 Jun 2010, Majid Khonji wrote:
>
>> When I use protostack=mast
>> I get the following error (when I connect a client)
>> packet from 10.0.0.1:500: initial Main Mode message received on
>> 10.0.0.105:500 but no connection has been authorized with
>> policy=PSK
>
> Do you have a mast0 interface? Does it have the same IP as your external
> IP?
>
>> mast0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>           inet addr:10.0.0.105  Mask:255.255.255.255
>
>> conn road
>
>> left=10.0.0.105
>> leftsubnet=10.0.0.0/24
>
>> conn road-l2tp
>> also=road
>
> That is not going to work because l2tp does not use a subnet= on the
> server side. Please see examples in /etc/ipsec.d/examples/l2tp*
>
>> #because Mac clients don't like 1701
>> rightprotoport=17/1701
>
> That should be 17/%any
>
>> conn road-l2tp-mac
>
> A separate conn should not be needed.
>
> Paul



-- 
Regards,

Majid Khonji
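
A small lint for the two settings the quoted reply objects to, added here as an example (it is not part of the original thread and is not Openswan code). It assumes `left` is the server side, treats a `rightprotoport` of `17/...` as marking an L2TP conn, and lets a conn's own settings take precedence over those pulled in through `also=`; `check_l2tp` and the sample file are constructed for illustration.

```python
# Constructed sample, assembled from the config fragments quoted in the thread.
SAMPLE = """\
conn road
    left=10.0.0.105
    leftsubnet=10.0.0.0/24
conn road-l2tp
    also=road
    #because Mac clients don't like 1701
    rightprotoport=17/1701
"""

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue  # blank or comment-only line
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], [])
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
        else:
            current = None  # e.g. "config setup": not a conn section
    return conns

def resolve(conns, name, seen=()):
    """Flatten one conn, following also= (assumed: own settings take precedence)."""
    merged = {}
    for key, value in conns.get(name, []):
        if key != "also":
            merged[key] = value
        elif value not in seen:  # guard against also= cycles
            for k, v in resolve(conns, value, seen + (name,)).items():
                merged.setdefault(k, v)
    return merged

def check_l2tp(text):
    """Return (conn, setting) pairs for the two settings the reply objects to."""
    conns, findings = parse_conns(text), []
    for name in conns:
        c = resolve(conns, name)
        if not c.get("rightprotoport", "").startswith("17/"):
            continue  # heuristic of this example: UDP protoport marks an L2TP conn
        if "leftsubnet" in c:  # may be inherited through also=, as in the thread
            findings.append((name, "leftsubnet"))
        if c["rightprotoport"] == "17/1701":  # reply: should be 17/%any
            findings.append((name, "rightprotoport"))
    return findings
```

On the sample, both findings land on `road-l2tp`: the `leftsubnet` is not written in that conn but arrives through `also=road`, which is easy to miss when reading the file by eye.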