[Openswan Users] Connection Problem
paul at xelerance.com
Wed Apr 20 12:56:46 EDT 2011
On Wed, 20 Apr 2011, Peter Siegel wrote:
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: unrecognized key format: PKS
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: unrecognized key format: PKS
See man ipsec.secrets. The keyword is PSK, not PKS.
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 4: premature end of RSA key
It appears you have a broken RSA key configured. Likely you manually killed what you thought
were "hanging" processes on first start when openswan attempts to build a new RSA key. Or you
rebooted while these were running. Remove the partial RSA key.
> Apr 20 08:16:10 firewall pluto: "Digital" #1: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable
> response) to our first IKE message
This could be a firewall issue, or a misconfiguration issue.
> Apr 20 07:38:09 firewall pluto: packet from 22.214.171.124:500: initial Main Mode message received on 126.96.36.199:500 but no connection
> has been authorized
This seems to indicate a misconfiguration. Your pasted config matches on both ends (except a weird "="
symbol which I hope was an email error)
On the server side, try: ipsec auto --add Digital and see if it shows any error.
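
Added example, not part of the reply above and not Openswan code: a small Python check for the two /etc/ipsec.secrets errors in the quoted log, a misspelled key type such as PKS and an RSA block that never closes. The accepted keyword set, the function name and the sample file contents are assumptions constructed for illustration; the line number it reports for an RSA problem is where the block opens and may differ from the one pluto prints.

```python
import re

# Assumption: key-type keywords accepted by this check; confirm the list
# against `man ipsec.secrets` for the installed Openswan version.
KNOWN_TYPES = {"PSK", "RSA", "XAUTH"}

# Entry line (column 0): optional IDs, a colon followed by whitespace, key type.
ENTRY_RE = re.compile(r"^(?:[^#\s].*?)?\s*:\s+(?P<type>\S+)(?P<rest>.*)$")

# Constructed sample reproducing the logged mistakes (documentation addresses).
SAMPLE = '''\
192.0.2.1 198.51.100.1 : PKS "constructed-secret-1"
192.0.2.1 203.0.113.7 : PKS "constructed-secret-2"
: RSA {
\t# RSA 2048 bits   firewall   (constructed, cut off on purpose)
'''

def lint_secrets(text):
    """Return a list of (line_number, message) findings for an ipsec.secrets body."""
    findings = []
    rsa_open = None  # line where an unclosed "RSA {" block began
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if rsa_open is not None:
            if line.strip().startswith("}"):
                rsa_open = None  # block closed properly
                continue
            if line[0].isspace():
                continue  # indented field inside the key body
            # A new entry begins in column 0 while the braces are still open.
            findings.append((rsa_open, "premature end of RSA key"))
            rsa_open = None
        if line[0].isspace() or line.startswith("include "):
            continue  # continuation line or include directive
        m = ENTRY_RE.match(line)
        if not m:
            findings.append((n, "no ': <type>' separator found"))
        elif m.group("type") not in KNOWN_TYPES:
            findings.append((n, "unrecognized key format: " + m.group("type")))
        elif m.group("type") == "RSA" and "}" not in m.group("rest"):
            rsa_open = n
    if rsa_open is not None:  # file ended inside an RSA block
        findings.append((rsa_open, "premature end of RSA key"))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint_secrets(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```
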