[Openswan Users] initial Aggressive Mode message from 172.31.114.226 but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE
SaRaVanAn
saravanan.nagarajan87 at gmail.com
Thu Mar 15 17:30:05 EDT 2012
Can anyone help me out on this?
On Thu, Mar 15, 2012 at 9:10 AM, SaRaVanAn <saravanan.nagarajan87 at gmail.com> wrote:
> Hi Team,
>
> I am facing the below problem. Please help me.
>> [root@localhost ~]# cat /var/log/secure | tail
>> Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair: comparing to 172.31.114.227:500 0.0.0.0:500
>> Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair_conn (find_host_connection2): 172.31.114.227:500 %any:500 -> hp:north-east
>> Mar 16 20:29:48 localhost pluto[9955]: | searching for connection with policy = PSK+AGGRESSIVE
>> Mar 16 20:29:48 localhost pluto[9955]: | found policy = PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+SAREFTRACK (north-east)
>> *Mar 16 20:29:48 localhost pluto[9955]: | find_host_connection2 returns empty
>> Mar 16 20:29:48 localhost pluto[9955]: packet from 172.31.114.226:500: initial Aggressive Mode message from 172.31.114.226 but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE*
>> Mar 16 20:29:48 localhost pluto[9955]: | complete state transition with STF_IGNORE
>> Mar 16 20:29:48 localhost pluto[9955]: | * processed 0 messages from cryptographic helpers
>> Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds
>> Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds
>>
>> Topology:
>> +++++++
>>
>> VPNC client                    GW                       Openswan (VPN server)
>> 10.1.1.1 ----------- 10.1.1.2 -------- 172.31.114.226 --------- 172.31.114.227
>>
>>
>> Peer conf
>> ++++++
>>
>> [root@localhost ~]# vim /etc/vpnc.conf
>>
>> IPSec gateway 172.31.114.227
>> IPSec ID tester.vpn.com
>> IPSec secret test
>> Xauth username tester
>> Xauth password tester
>>
> /etc/ipsec.conf
> ++++++++
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     # klipsdebug=none
>     # plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     protostack=netkey
>     klipsdebug=all
>     plutodebug=all
>     nat_traversal=yes
>     virtual_private=
>     oe=off
>     # Enable this if you see "failed to find any available worker"
>     nhelpers=0
>     interfaces=%defaultroute
>
> conn north-east
>     type=tunnel
>     left=%any
>     right=172.31.114.227
>     rightid=tester@tester.vpn.com
>     leftxauthclient=yes
>     rightxauthserver=yes
>     leftxauthusername=tester
>     keyexchange=ike
>     auto=add
>     authby=secret
>     pfs=no
>     rekey=yes
>     ikelifetime=3000s
>     keylife=3000s
>     keyingtries=0
>
> /etc/ipsec.secrets
> ++++++++++++
> %any 172.31.114.227: PSK "test"
> @tester : XAUTH "tester"
>
>
>