Hi,<br> i solved the below problem by changing the ipsec.secrets file like this<br><br>%any <a href="http://172.31.114.227">172.31.114.227</a>: PSK "test"<br>@tester : XAUTH "tester"<br><br>Now i am facing the below problem<br>
[root@localhost ~]# cat /var/log/secure | tail<br>Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair: comparing to <a href="http://172.31.114.227:500">172.31.114.227:500</a> <a href="http://0.0.0.0:500">0.0.0.0:500</a><br>
Mar 16 20:29:48 localhost pluto[9955]: | find_host_pair_conn (find_host_connection2): <a href="http://172.31.114.227:500">172.31.114.227:500</a> %any:500 -> hp:north-east<br>Mar 16 20:29:48 localhost pluto[9955]: | searching for connection with policy = PSK+AGGRESSIVE<br>
Mar 16 20:29:48 localhost pluto[9955]: | found policy = PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+SAREFTRACK (north-east)<br><b>Mar 16 20:29:48 localhost pluto[9955]: | find_host_connection2 returns empty<br>Mar 16 20:29:48 localhost pluto[9955]: packet from <a href="http://172.31.114.226:500">172.31.114.226:500</a>: initial Aggressive Mode message from 172.31.114.226 but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE</b><br>
Mar 16 20:29:48 localhost pluto[9955]: | complete state transition with STF_IGNORE<br>Mar 16 20:29:48 localhost pluto[9955]: | * processed 0 messages from cryptographic helpers<br>Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds<br>
Mar 16 20:29:48 localhost pluto[9955]: | next event EVENT_PENDING_DDNS in 42 seconds<br><br>Please help me.<br><br>Peer conf<br>++++++<br><br>[root@localhost ~]# vim /etc/vpnc.conf<br><br>IPSec gateway 172.31.114.227<br>IPSec ID <a href="http://tester.vpn.com">tester.vpn.com</a><br>
IPSec secret test<br>Xauth username tester<br>Xauth password tester<br><br><div class="gmail_quote">On Thu, Mar 15, 2012 at 6:00 PM, SaRaVanAn <span dir="ltr"><<a href="mailto:saravanan.nagarajan87@gmail.com">saravanan.nagarajan87@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Paul, <br> I m trying to establish a remote access VPN for my VPN client with openswan as VPN server. But I am getting the below error message<br>
[root@localhost ~]# cat /var/log/messages | tail<br>Mar 16 17:45:18 localhost ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d<br>
Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled<br>Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled<br>
Mar 16 17:45:18 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled<br>Mar 16 17:45:18 localhost ipsec__plutorun: 002 added connection description "north-east"<br>
Mar 16 17:45:18 localhost ipsec__plutorun: multiple default routes, using 172.31.114.225 on eth0<br>Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T<br>Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)<br>
Mar 16 17:45:18 localhost ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T<br>Mar 16 17:45:18 localhost ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets" line 3: index "tester" does not look numeric and name lookup failed<br>
<br>Topology:<br>+++++++<br><br>VPNC<br>client GW Openswan(VPN server)<br>10.1.1.1 ----------- 10.1.1.2 -------- 172.31.114.226 --------- 172.31.114.227<br>
<br>Configuration details<br>++++++++++++++<br>VPNC client<br>__________<br><br>Enter IPSec gateway address: 172.31.114.227<br>Enter IPSec ID for <a href="http://172.31.114.227" target="_blank">172.31.114.227</a>: <a href="http://test.vpn.com" target="_blank">test.vpn.com</a><br>
Enter IPSec secret for <a href="mailto:test.vpn.com@172.31.114.227" target="_blank">test.vpn.com@172.31.114.227</a>:<br>test<br>Enter username for <a href="http://172.31.114.227" target="_blank">172.31.114.227</a>: tester<br>
Enter password for <a href="mailto:tester@172.31.114.227" target="_blank">tester@172.31.114.227</a>:<br>
tester<br><br>/etc/ipsec.conf<br>+++++++++++<br>config setup<br> protostack=netkey<br> nat_traversal=yes<br> virtual_private=<br> oe=off<br> nhelpers=0<br> interfaces=%defaultroute<br>
conn north-east<br> type=tunnel<br> left=%any<br> right=172.31.114.227<br> rightid=@<a href="http://test.vpn.com" target="_blank">test.vpn.com</a><br> leftxauthclient=yes<br> rightxauthserver=yes<br> leftxauthusername=tester<br>
keyexchange=ike<br> auto=add<br> authby=secret<br> pfs=no<br> rekey=yes<br> ikelifetime=3000s<br> keylife=3000s<br> keyingtries=0<br><br>/etc/ipsec.secrets<br>+++++++++++++<br><br>0.0.0.0 <a href="http://172.31.114.227" target="_blank">172.31.114.227</a>: PSK "test"<br>
tester: XAUTH "tester"<br><br><br>Please help me<br><br>Regards,<br>Saravanan N<br><br>
</blockquote></div><br>