[Openswan Users] How to config Static-to-Roadwarrior in different openswan version?
takanobu watanabe
rreedd555 at gmail.com
Thu May 26 11:53:59 EDT 2011
Thanks Erich,
> The log says it all, you did not authorize a connection.
>
> For tests use
> ipsec auto --up road
>
> or modify your config file accordingly
> auto=up
But those logs were shown after running the command you suggested (I think it is
the same command I ran before).
1. At IPsec router: ipsec setup start
2. At RoadWarrior: ipsec auto --up road
Or do I misunderstand?
Regards,
P.S. Static-to-static was no problem on the same network and machines.
--
T.W.
On 26 May 2011 23:37, Erich Titl <erich.titl at think.ch> wrote:
> Hi
>
> at 26.05.2011 12:52, tknv wrote:
>>
>>
>> Hello,
>> I try Static-to-RoadWarrior IPsec at below network.
>> at IPsec router:ipsec setup start
>> at RoadWarrior:ipsec auto --up road
>> But can not establish.
>>
>>               router(192.168.11.0/24)
>>                /                 \
>>               /                   \
>>      IPsec router               Roadwarrior
>>      Static(192.168.11.11)      Dynamic(192.168.11.X)
>>      Openswan 2.4.15(klips)     Openswan U2.6.32
>>        /
>>       /
>> A-machine:192.168.25.X
>>
>> --ipsec.config:IPsec router--
>> version 2.0
>>
>> config setup
>> interfaces=%defaultroute
>> nat_traversal=yes
>> nhelpers=0
>> syslog=daemon.error
>> klipsdebug=none
>> plutodebug=none
>> plutoopts=
>> handle_delete=no
>> overridemtu=1280
>>
>> conn road
>> left=192.168.11.11
>> leftsubnet=192.168.25.0/24
>> right=%any
>> rightnexthop=%defaultroute
>> auto=add
>> authby=secret
>> type=tunnel
>> leftid=@dh.srv.org
>> rightid=@dh.ore.org
>> keyingtries=0
>> aggrmode=yes
>
> don't do that
>
>> pfs=no
>> keylife=28800
>> ikelifetime=3600
>> rekeymargin=100
>> rekeyfuzz=0%
>> dpddelay=30
>> dpdaction=clear
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> --ipsec.config:Roadwarrior--
>> version 2.0
>>
>> config setup
>> nat_traversal=yes
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>> protostack=klips
>> klipsdebug=none
>> plutodebug=none
>> nhelpers=0
>>
>> conn road
>> authby=secret
>> left=%defaultroute
>> leftid=@dh.ore.org
>> right=192.168.11.11
>> rightsubnet=192.168.25.0/24
>> rightid=@dh.srv.org
>> auto=add
>> include /etc/ipsec.d/*.conf
>>
>> --ipsec.secrets:both--
>> @dh.ore.org @dh.srv.org : PSK "foo"
>>
>> --log when try :ipsec auto --up road: from Roadwarrior--
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: ignoring unknown Vendor ID payload
>> [4f4568794c64414365636661]
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload [Dead Peer Detection]
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload [RFC 3947] method set
>> to=109
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: received Vendor ID payload
>> [draft-ietf-ipsec-nat-t-ike-00]
>> May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from
>> 192.168.11.3:500: initial Main Mode message received on
>> 192.168.11.11:500 but no connection has been authorized
>
> The log says it all, you did not authorize a connection.
>
> For tests use
> ipsec auto --up road
>
> or modify your config file accordingly
> auto=up
>
> cheers
>
>
>
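An added example, not part of the original thread or of Openswan: a small Python check that parses the two `conn road` sections posted above and reports where the two ends disagree, or where IKEv1 aggressive mode is combined with a pre-shared key. The function names are hypothetical, it assumes both files describe the local end as `left` (as they do here), and it does not establish the cause of the failure discussed in the thread.

```python
# Added example: option text is copied from the post; names are hypothetical.
ROUTER = """conn road
    left=192.168.11.11
    leftsubnet=192.168.25.0/24
    right=%any
    auto=add
    authby=secret
    leftid=@dh.srv.org
    rightid=@dh.ore.org
    aggrmode=yes
"""
ROADWARRIOR = """conn road
    authby=secret
    left=%defaultroute
    leftid=@dh.ore.org
    right=192.168.11.11
    rightsubnet=192.168.25.0/24
    rightid=@dh.srv.org
    auto=add
"""

def parse_conn(text, name):
    """Return the key=value options of one 'conn <name>' section."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.split()[0] in ("conn", "config", "include", "version"):
            inside = line.split() == ["conn", name]  # a new section starts here
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def compare(a, b):
    """Assumes each end describes itself as 'left' and its peer as 'right'."""
    findings = []
    for mine, theirs in (("leftid", "rightid"), ("rightid", "leftid"),
                         ("leftsubnet", "rightsubnet"), ("rightsubnet", "leftsubnet")):
        if a.get(mine) != b.get(theirs):
            findings.append(f"mirror mismatch: {mine}={a.get(mine)} vs {theirs}={b.get(theirs)}")
    for key, default in (("aggrmode", "no"), ("authby", "rsasig")):
        if a.get(key, default) != b.get(key, default):
            findings.append(f"{key} differs: {a.get(key, default)} vs {b.get(key, default)}")
    for side in (a, b):
        if side.get("aggrmode") == "yes" and side.get("authby") == "secret":
            findings.append("aggressive mode with PSK: auth hash is exposed to offline guessing")
    return findings
```

On the two sections from this thread, `compare(parse_conn(ROUTER, "road"), parse_conn(ROADWARRIOR, "road"))` returns two findings: the `aggrmode` disagreement and the aggressive-mode PSK warning for the router side.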