[strongSwan] netgear fvx538 no connection has been authorized with policy=PSK full night working but no cigar

renato gallo renatogallo at unixproducts.com
Sun Dec 19 04:38:31 CET 2010


please I pray you HELP.

the problem is .....

packet from 84.202.150.225:500: initial Main Mode message received on
192.168.0.5:500 but no connection has been authorized with policy=PSK



cat ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file
# NOTE(review): no ID selectors precede the colon below, so per the ipsec.secrets
# documentation this PSK is offered to any local/remote ID pair. Presumably fine
# for a single tunnel; prefix it with the two IDs used in ipsec.conf
# ("82.148.186.244 84.202.150.225 : PSK ...") to scope it to this peer. Confirm
# the file is root-owned and not world-readable.
: PSK "not posting the pass"




cat ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

# Global daemon options. NOTE(review): the option meanings noted below come from
# the strongSwan 4.x ipsec.conf documentation, not from this post; confirm them
# against the man page of the installed version.
config setup
        interfaces="ipsec0=eth0"        # KLIPS-style interface mapping; presumably ignored with the native kernel IPsec stack - confirm
        plutostart=yes                  # start pluto, the IKEv1 daemon
        charonstart=yes                 # start charon, the IKEv2 daemon
        plutodebug=all                  # full pluto debug output; keep only while diagnosing, the logs get very detailed
        strictcrlpolicy=yes             # CRL enforcement concerns certificate authentication; presumably no effect on a PSK-only conn
        nat_traversal=yes               # the logged packet arrives on 192.168.0.5 (private address), so this host appears to be behind NAT
        klipsdebug=all                  # KLIPS debug output; see the note on interfaces= above
        uniqueids=yes
# Add connections here.

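# Site-to-site tunnel definition for the remote Netgear, authenticated with the PSK
# from ipsec.secrets. Comment fragments that the mail client had wrapped onto lines
# of their own ("gateway", "internet gateway", ...) are rejoined here, because as bare
# lines they are not comments and would not parse as options; option values are unchanged.
# NOTE(review): pluto reports "no connection has been authorized with policy=PSK" when
# it finds no loaded PSK connection matching the packet's endpoints, so first confirm
# that this conn was actually loaded by pluto (startup log, `ipsec statusall`).
conn fvx538
        authby=secret            #tells it to use a PSK for authentication
        type=tunnel
        left= %defaultroute         #WAN ip address of local CC router
        # NOTE(review): %defaultroute resolves to the local interface address, which the
        # log shows as 192.168.0.5, not the WAN address given in leftid - presumably NAT.
        leftsubnet=192.168.0.0/24     #ip address of CC LAN subnet
        leftnexthop=192.168.0.3     #ip address of local CC's internet gateway
        leftid=82.148.186.244         #WAN IP
        right=84.202.150.225         #WAN ip address of remote netgear fvs318
        rightnexthop=84.202.150.225        #ip address of remote netgear's internet gateway
        rightsubnet=10.0.0.0/24     #ip address of netgear LAN subnet
        rightid=84.202.150.225        #WAN IP
        ike=3des-sha1-modp1024        #ike policy settings, could not get aes128 or aes256 to work
        # NOTE(review): 3DES with a 1024-bit DH group is a legacy proposal; move to AES and
        # a larger group once both ends negotiate, and treat this as a stopgap until then.
        ikelifetime=1440m        #ike lifetime
        keylife=480m            #key life
        pfs=no                #pfs is off, could not get pfs working
        # NOTE(review): with PFS off the phase 2 keys derive from the phase 1 exchange, so
        # a compromise of that exchange exposes the traffic keys too; re-enable when possible.
        keyexchange=ike            #tell it to use ike(not AH)
        # NOTE(review): the strongSwan 4.x documentation describes "ike" as a synonym for
        # ikev2, while the log shows the peer sending IKEv1 Main Mode; stating
        # keyexchange=ikev1 explicitly is worth checking - confirm for the installed version.
        auto=start            #start when ipsec(openswan) starts
        esp=3des-sha1            #phase 2 encryption, no pfs defined. Netgear "VPN policy"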




# Sample VPN connections

#conn sample-self-signed
#      left=%defaultroute
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start





