[Openswan Users] VPN Connection not working with aggressive mode

kasi viswanathan kviswanathan.83 at gmail.com
Thu Nov 24 05:29:58 EST 2016


Hi all,

VPN host to host connection is not working in the latest 2.6.49
version of openswan.

I am copy pasting the contents of ipsec.conf files and ipsec.secrets
from both the devices.

Left Machine:
==========
# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!192.168.0.1/24
        oe=off
        protostack=netkey
        interfaces="%defaultroute"
conn left
        ikelifetime=4h
        salifetime=8h
        ike=3des-md5;modp1024
        phase2alg=3des-md5;modp1024
        authby=secret
        auto=start
        aggrmode=yes
        pfs=no
        left=%defaultroute
        leftid=@left
        right=192.168.1.117
        rightid=@right
        type=transport
# cat /etc/ipsec.secrets
@left @right : PSK "1234"


Right Machine
==========
# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!192.168.0.1/24
        oe=off
        protostack=netkey
        interfaces="%defaultroute"
conn right
        ikelifetime=4h
        salifetime=8h
        ike=3des-md5;modp1024
        phase2alg=3des-md5;modp1024
        authby=secret
        auto=start
        aggrmode=yes
        pfs=no
        left=%defaultroute
        leftid=@right
        right=192.168.1.111
        rightid=@left
        type=transport
# cat /etc/ipsec.secrets
@right @left : PSK "1234"

I am getting the below error:

initial Aggressive Mode message from 192.168.1.117 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE

After Googling I was not sure what other config options I need to change.

Please let me know how to fix this.

FYI, the same config options are working for openswan version 2.6.32
from which we recently upgraded to 2.6.49.

Thanks,
Kasiviswanathan.V
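
Added example, not part of the original post and not Openswan code: a small Python check that parses the conn section of each peer's ipsec.conf and reports options that do not mirror each other. The names parse_conn, peer_mismatches and MUST_MATCH are hypothetical, and the set of options required to be identical on both peers is this example's assumption.

```python
# Conn options shared by both peers, copied from the post above.
COMMON = """\
        ikelifetime=4h
        salifetime=8h
        ike=3des-md5;modp1024
        phase2alg=3des-md5;modp1024
        authby=secret
        auto=start
        aggrmode=yes
        pfs=no
        type=transport
"""
LEFT = "conn left\n" + COMMON + """\
        left=%defaultroute
        leftid=@left
        right=192.168.1.117
        rightid=@right
"""
RIGHT = "conn right\n" + COMMON + """\
        left=%defaultroute
        leftid=@right
        right=192.168.1.111
        rightid=@left
"""
# Assumption of this example: these options must be identical on both peers.
MUST_MATCH = ("ike", "phase2alg", "authby", "aggrmode", "type")

def parse_conn(text):
    """Return the key=value options of the first conn section in text."""
    opts, in_conn = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line = section header
            if in_conn:
                break                          # a second section ends the conn
            in_conn = line.startswith("conn ")
        elif in_conn and "=" in line:
            key, val = line.strip().split("=", 1)
            opts[key.strip()] = val.strip().strip('"')
    return opts

def peer_mismatches(a, b):
    """List options where peer a's conn does not mirror peer b's conn."""
    issues = [f"{k}: {a.get(k)} != {b.get(k)}" for k in MUST_MATCH if a.get(k) != b.get(k)]
    for mine, theirs in (("leftid", "rightid"), ("rightid", "leftid")):
        if a.get(mine) != b.get(theirs):       # my ID must be the peer's view of me
            issues.append(f"{mine}={a.get(mine)} but peer {theirs}={b.get(theirs)}")
    return issues
```

Run against the two conn sections posted above, peer_mismatches(parse_conn(LEFT), parse_conn(RIGHT)) returns an empty list: the proposals, exchange mode and IDs in the post mirror each other.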

