[strongSwan] strongswan <=> openswan

Andreas Steffen andreas.steffen at strongswan.org
Sun Feb 27 19:43:49 CET 2011


Hi Gary,

strongSwan is configured for the IKEv2 protocol but
the error message

> initial Main Mode message received on strongswanip:500 but no connection has been authorized with policy=PUBKEY

was issued by strongSwan's IKEv1 pluto daemon. This means that
the Openswan end initiates the connection using the old IKEv1
protocol. Please configure Openswan to use IKEv2.

Regards

Andreas

On 27.02.2011 19:04, Gary Smith wrote:
>>
>> using certificates Openswan should interoperate smoothly
>> with strongSwan (actually I'm the author of the X.509 Openswan code).
>> The configuration should be more or less identical to strongSwan's.
>>
>> Best regards
>>
>> Andreas
>>
> 
> 
> # The openswan server
> config setup
>         protostack=netkey 
>         nat_traversal=yes
>         plutodebug=all
> 
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         #keyexchange=ikev2
>         #mobike=no
> 
> conn fre-sli
>         type=           tunnel
>         authby=         rsasig
>         left=           openswanip
>         leftcert=       openswankey.pem
>         leftid=         @openswanid
>         leftsubnet=     10.60.1.0/24
>         right=          strongswanip
>         rightid=        @strongswanid
>         rightsubnet=    10.40.0.0/16
>         keyexchange=    ike
>         auto=           start
> 
> 
> # The strongswan server
> config setup
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         plutostart=yes
> 
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>         mobike=no
> 
> conn fre-sli
>         left=           strongswanlocalip
>         leftcert=       strongswanlocalkey.pem
>         leftid=         @strongswanid
>         leftsubnet=     10.40.0.0/16
>         leftfirewall=   yes
>         right=          openswanip
>         rightid=        @openswanid
>         rightsubnet=    10.60.1.0/24
>         keyexchange=    ike
>         auto=           start
> 
> 
> I get:
> initial Main Mode message received on strongswanip:500 but no connection has been authorized with policy=PUBKEY
> 
> I know I'm probably just missing something simple. Can you guide me in the right direction?
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
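
Added example (not part of the original message, and not strongSwan or Openswan code): a small Python resolver that applies "conn %default" inheritance to each peer's ipsec.conf, so the keyexchange value actually in effect for conn fre-sli can be compared on both ends. The two sample texts are constructed by trimming the configs quoted in the thread; how each daemon interprets a given value is not modelled.

```python
# Added example: resolve per-connection ipsec.conf values with "conn %default" applied.
OPENSWAN = """\
conn %default
        keyingtries=1
        #keyexchange=ikev2
conn fre-sli
        authby=         rsasig
        keyexchange=    ike
"""   # constructed: trimmed from the Openswan config in the thread
STRONGSWAN = """\
conn %default
        keyexchange=ikev2
        mobike=no
conn fre-sli
        leftfirewall=   yes
        keyexchange=    ike
"""   # constructed: trimmed from the strongSwan config in the thread

def parse_conns(text):
    """Return {conn_name: {key: value}}; comments and non-conn sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # strip comments (also disabled options)
        if not line:
            continue
        if not line[0].isspace():                 # section header starts in column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective(text, conn):
    """Settings of `conn` after inheriting from conn %default (conn values win)."""
    conns = parse_conns(text)
    return {**conns.get("%default", {}), **conns[conn]}

def shadowed(text, conn):
    """(key, default_value, conn_value) where the conn overrides a different %default."""
    conns = parse_conns(text)
    default, own = conns.get("%default", {}), conns[conn]
    return [(k, default[k], v) for k, v in own.items() if k in default and default[k] != v]

if __name__ == "__main__":
    for name, conf in (("openswan", OPENSWAN), ("strongswan", STRONGSWAN)):
        print(name, effective(conf, "fre-sli").get("keyexchange"), shadowed(conf, "fre-sli"))
```

On these samples both ends resolve to keyexchange=ike for fre-sli, and on the strongSwan side the conn-level value shadows the keyexchange=ikev2 set in conn %default.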