[Openswan Users] Openswan as a VPN server for VPNC client

SaRaVanAn saravanan.nagarajan87 at gmail.com
Thu Mar 15 11:04:02 EDT 2012


Hi,
   I solved the below problem by changing the ipsec.secrets file like this:

%any 172.31.114.227: PSK "test"
@tester : XAUTH "tester"

Now I am facing the below problem:
[root@localhost ~]# cat /var/log/secure  | tail
Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair: comparing to
172.31.114.227:500 0.0.0.0:500
Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair_conn
(find_host_connection2): 172.31.114.227:500 %any:500 -> hp:north-east
Mar 16 20:29:48 localhost pluto[9955]: | searching for connection with
policy = PSK+AGGRESSIVE
Mar 16 20:29:48 localhost pluto[9955]: | found policy =
PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+SAREFTRACK (north-east)
*Mar 16 20:29:48 localhost pluto[9955]: | find_host_connection2 returns
empty
Mar 16 20:29:48 localhost pluto[9955]: packet from 172.31.114.226:500:
initial Aggressive Mode message from 172.31.114.226 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE*
Mar 16 20:29:48 localhost pluto[9955]: | complete state transition with
STF_IGNORE
Mar 16 20:29:48 localhost pluto[9955]: | * processed 0 messages from
cryptographic helpers
Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in
42 seconds
Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in
42 seconds

Please help me.

Peer conf
++++++

[root@localhost ~]# vim /etc/vpnc.conf

IPSec gateway 172.31.114.227
IPSec ID tester.vpn.com
IPSec secret test
Xauth username tester
Xauth password tester

On Thu, Mar 15, 2012 at 6:00 PM, SaRaVanAn
<saravanan.nagarajan87 at gmail.com> wrote:

> Hi Paul,
>    I'm trying to establish a remote access VPN for my VPN client with
> Openswan as VPN server. But I am getting the below error message:
> [root@localhost ~]# cat /var/log/messages | tail
> Mar 16 17:45:18 localhost ipsec__plutorun: adjusting ipsec.d to
> /etc/ipsec.d
> Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn
> Non-fips mode set in /proc/sys/crypto/fips_enabled
> Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn
> Non-fips mode set in /proc/sys/crypto/fips_enabled
> Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn
> Non-fips mode set in /proc/sys/crypto/fips_enabled
> Mar 16 17:45:18 localhost ipsec__plutorun: 002 added connection
> description "north-east"
> Mar 16 17:45:18 localhost ipsec__plutorun: multiple default routes, using
> 172.31.114.225 on eth0
> Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: Trying new
> style NAT-T
> Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1)
> setup failed for new style NAT-T family IPv4 (errno=19)
> Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: Trying old
> style NAT-T
> Mar 16 17:45:18 localhost ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets"
> line 3: index "tester" does not look numeric and name lookup failed
>
> Topology:
> +++++++
>
> VPNC client          GW                                  Openswan (VPN server)
> 10.1.1.1 ----------- 10.1.1.2 -------- 172.31.114.226 --------- 172.31.114.227
>
> Configuration details
> ++++++++++++++
> VPNC client
> __________
>
> Enter IPSec gateway address: 172.31.114.227
> Enter IPSec ID for 172.31.114.227: test.vpn.com
> Enter IPSec secret for test.vpn.com@172.31.114.227:
> test
> Enter username for 172.31.114.227: tester
> Enter password for tester@172.31.114.227:
> tester
>
> /etc/ipsec.conf
> +++++++++++
> config setup
>         protostack=netkey
>         nat_traversal=yes
>         virtual_private=
>         oe=off
>         nhelpers=0
>         interfaces=%defaultroute
> conn north-east
>     type=tunnel
>     left=%any
>     right=172.31.114.227
>     rightid=@test.vpn.com
>     leftxauthclient=yes
>     rightxauthserver=yes
>     leftxauthusername=tester
>     keyexchange=ike
>     auto=add
>     authby=secret
>     pfs=no
>     rekey=yes
>     ikelifetime=3000s
>     keylife=3000s
>     keyingtries=0
>
> /etc/ipsec.secrets
> +++++++++++++
>
> 0.0.0.0 172.31.114.227: PSK "test"
> tester: XAUTH "tester"
>
>
> Please help me
>
> Regards,
> Saravanan N
>
>