[Openswan Users] but no connection has been authorized with policy=PSK
Roel van Meer
rolek at bokxing.nl
Mon Apr 11 15:12:10 EDT 2011
Thomas Schweikle writes:
>>> "but no connection has been authorized with policy=PSK"
>>>
>>> what does this mean? Couldn't find anything about it in
>>> - HowTo
>>> - man-pages
>>> - docs
Do you have a matching entry in /etc/ipsec.secrets? AFAIK, you'll get this
message if you don't.
Regards,
Roel
>>
>> You got an incoming connection that wants to use authby=secret, but
>> none
>> of your loaded connections have that option set.
>
>
> conn rz-openswan
> type= tunnel
> auth= esp
> authby= secret
> keyexchange= ike
> pfs= no
> aggrmode= no
> ike= 3des-sha1-modp1024
> esp= 3des-sha1
> auto= add
>
> Since this is the only connection defined ...
> and it is loaded:
> [...]
> Changed path to directory '/etc/ipsec.d/cacerts'
> Changed path to directory '/etc/ipsec.d/aacerts'
> Changed path to directory '/etc/ipsec.d/ocspcerts'
> Changing to directory '/etc/ipsec.d/crls'
> Warning: empty directory
> added connection description "rz-openswan"
> listening for IKE messages
> NAT-Traversal: Trying new style NAT-T
> NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family
> IPv4 (errno=19)
> NAT-Traversal: Trying old style NAT-T
> adding interface eth2/eth2 172.19.0.27:500
> adding interface eth2/eth2 172.19.0.27:4500
> [...]
>
> Hmmmmmm?????
>
> --
> Thomas
>
More information about the Users
mailing list