[Openswan Users] but no connection has been authorized with policy=PSK
Paul Young
paul at arkig.com
Fri May 30 01:41:42 EDT 2014
Hello everyone,
Did this get resolved?
I am having the same issues even after following Simon's advice as well.
What information or further details are required?
My secret file looks like this:
<ElasticIP> 0.0.0.0 %any: PSK "<something>"
and config looks like:
conn <name>
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    type=transport
    forceencaps=yes
    right=%any
    rightprotoport=17/%any
    left=<ElasticIP>
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
Thanks,
Paul
On 29 November 2013 03:47, Simon Deziel <simon at xelerance.com> wrote:
> Hi Mohsen,
>
> I think you should have those settings:
>
> left=%defaultsource
> leftid=ElasticIP
> leftsourceip=ElasticIP
> forceencaps=yes
> auto=add
>
> The Elastic IP shouldn't have the "@" prefix. Your ipsec.secrets should
> look like this:
>
> ElasticIP 0.0.0.0 %any: PSK "123"
>
> For a complete example (not using L2TP):
> https://github.com/xelerance/Openswan/wiki/Amazon-ec2-example
>
> Regards,
> Simon
>
>
> On 13-11-28 11:31 AM, Mohsen B.Sarmadi wrote:
> > Dear all,
> >
> > I am using an EC2 Ubuntu 12.04 LTS instance in AWS.
> > I used all of the configurations from
> > here (http://fortycloud.com/setting-up-ipsecopenswan-in-amazon-ec2/), but
> > in auth.log I keep getting
> >
> > Nov 28 16:12:22 ip-10-164-25-201 *pluto*[6268]: packet from
> > myComputerIP:500: initial Main Mode message received
> > on myEC2PrivateIP:500 but no connection has been authorized with policy=PSK
> >
> > $ cat /etc/ipsec.secrets
> > @myEC2PrivateIP %any: PSK "123"
> >
> > $ sudo cat /etc/ipsec.conf
> > config setup
> >     protostack=netkey
> >     interfaces=%defaultroute
> >     nat_traversal=yes
> >     # this will force openswan to use IPSec over UDP - required for EC2
> >     force_keepalive=yes
> >     keep_alive=60
> >     virtual_private=%v4:172.24.0.0/16
> >     # this Subnet must include range provided in the xl2tpd config file
> >     oe=no
> >     nhelpers=0
> > conn RWConn # road warrior connection description
> >     rightsubnet=vhost:%priv
> >     type=transport
> >     authby=secret
> >     pfs=no
> >     rekey=no
> >     ikelifetime=8h
> >     keylife=1h
> >     leftprotoport=17/1701
> >     left= myEC2PrivateIP
> >     leftid=@myEC2PrivateIP
> >     rightprotoport=17/%any
> >     right=%any
> >     auto=ignore
> >
> >
> >
> > $ sudo cat /etc/xl2tpd/xl2tpd.conf
> > [global]
> > ipsec saref = yes
> > ; this must be the private EC2 address allocated to eth0
> > listen-addr = myEC2PrivateIP
> > [lns default]
> > ; addresses to road warriors will be allocated from this range
> > ip range = 172.24.100.1-172.24.100.254
> > ; GW virtual address (must be outside of the above range)
> > local ip = 172.24.0.150
> > refuse pap = yes
> > require authentication = yes
> > name = MyGW
> > ; points to PPP config file (you can choose your own name)
> > pppoptfile = /etc/ppp/options.xl2tpd
> > length bit = yes
> >
> > please help me on this.
> > thanks
> > Mohs
> >
> >
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
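An added example (not written by any poster in this thread or by the Openswan project): a small Python check that compares a `conn` section and `ipsec.secrets` text against the settings Simon suggests above. The sample files, the addresses 10.0.0.5 and 203.0.113.10, and all function names are constructed for illustration.

```python
import re

# Settings Simon recommends in the thread; <ElasticIP> is supplied by the caller.
RECOMMENDED = {"left": "%defaultsource", "leftid": "<ElasticIP>",
               "leftsourceip": "<ElasticIP>", "forceencaps": "yes", "auto": "add"}

def parse_conn(conf_text, name):
    """Return the key=value options of 'conn <name>' from ipsec.conf text."""
    opts, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def psk_indexes(secrets_text):
    """Return the index tokens (before the colon) of every PSK line."""
    hits = (re.match(r"\s*([^#:]*?)\s*:\s*PSK\s", l) for l in secrets_text.splitlines())
    return [m.group(1).split() for m in hits if m]

def check(conf_text, secrets_text, name, elastic_ip):
    """List where the conn and secrets differ from the thread's advice."""
    conn, problems = parse_conn(conf_text, name), []
    for key, want in RECOMMENDED.items():
        want = want.replace("<ElasticIP>", elastic_ip)
        if conn.get(key) != want:
            problems.append(f"{key}: have {conn.get(key)}, suggested {want}")
    if not any(elastic_ip in ids and "%any" in ids
               for ids in psk_indexes(secrets_text)):
        problems.append("secrets: no PSK line indexed by the bare Elastic IP and %any")
    return problems

# Constructed sample shaped like the original poster's files (addresses made up).
SAMPLE_CONF = """conn RWConn  # road warrior
    left=10.0.0.5
    leftid=@10.0.0.5
    auto=ignore
"""
SAMPLE_SECRETS = '@10.0.0.5 %any: PSK "123"\n'

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_CONF, SAMPLE_SECRETS, "RWConn", "203.0.113.10")))
```

The check only reports differences from the suggested settings; it does not query pluto or confirm that a connection is actually loaded.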