[Openswan Users] initial Aggressive Mode message from 172.31.114.226 but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE

SaRaVanAn saravanan.nagarajan87 at gmail.com
Thu Mar 15 12:10:26 EDT 2012


Hi Team,

I am facing the below problem. Please help me.
> [root@localhost ~]# cat /var/log/secure  | tail
> Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair: comparing to 172.31.114.227:500 0.0.0.0:500
> Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair_conn (find_host_connection2): 172.31.114.227:500 %any:500 -> hp:north-east
> Mar 16 20:29:48 localhost pluto[9955]: | searching for connection with policy = PSK+AGGRESSIVE
> Mar 16 20:29:48 localhost pluto[9955]: | found policy = PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+SAREFTRACK (north-east)
> *Mar 16 20:29:48 localhost pluto[9955]: | find_host_connection2 returns empty
> Mar 16 20:29:48 localhost pluto[9955]: packet from 172.31.114.226:500: initial Aggressive Mode message from 172.31.114.226 but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE*
> Mar 16 20:29:48 localhost pluto[9955]: | complete state transition with STF_IGNORE
> Mar 16 20:29:48 localhost pluto[9955]: | * processed 0 messages from cryptographic helpers
> Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds
> Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds
>
> Topology:
> +++++++
>
> VPNC client
>             GW                                 Openswan(VPN server)
> 10.1.1.1 ----------- 10.1.1.2  -------- 172.31.114.226 --------- 172.31.114.227
>
>
> Peer conf
> ++++++
>
> [root@localhost ~]# vim /etc/vpnc.conf
>
> IPSec gateway 172.31.114.227
> IPSec ID tester.vpn.com
> IPSec secret test
> Xauth username tester
> Xauth password tester
>
/etc/ipsec.conf
++++++++
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see "failed to find any available worker"
        nhelpers=0
        interfaces=%defaultroute

conn north-east
    type=tunnel
    left=%any
    right=172.31.114.227
    rightid=tester@tester.vpn.com
    leftxauthclient=yes
    rightxauthserver=yes
    leftxauthusername=tester
    keyexchange=ike
    auto=add
    authby=secret
    pfs=no
    rekey=yes
    ikelifetime=3000s
    keylife=3000s
    keyingtries=0

/etc/ipsec.secrets
++++++++++++
%any 172.31.114.227: PSK "test"
@tester : XAUTH "tester"