[strongSwan] new to strongswan and couldn't establish a connection
Spacelee
fjctlzy at gmail.com
Wed Jan 19 16:42:21 CET 2011
This is the first time I have tried strongSwan, and I couldn't establish a
connection. Here are the configuration files:
server : CentOS 5.5 64 bit
strongSwan : newest
client : Mac OS

ipsec.conf :
config setup
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        nat_traversal=yes
        charonstart=yes
        plutostart=yes

conn L2TP
        authby=psk
        pfs=no
        rekey=no
        type=tunnel
        left=192.168.1.97
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnetwithin=0.0.0.0/0
        auto=add

xl2tpd.conf :
[global]
debug network = yes
debug tunnel = yes

[lns default]
ip range = 10.0.0.200-10.0.0.254
local ip = 10.0.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = NIELSPEEN.COM
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

options.xl2tpd :
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

ipsec.secrets :
192.168.1.97 %any : PSK "testpsk"

And the /var/log/secure :
Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
192.168.1.97:500
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
192.168.1.97:4500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo
127.0.0.1:4500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
Jan 19 23:31:18 localhost pluto[13051]: loading secrets from
"/etc/ipsec.secrets"
Jan 19 23:31:18 localhost pluto[13051]: loaded PSK secret for 192.168.1.97
%any
Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after
20 ms
Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [RFC 3947]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [RFC 3947]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
--
*Space Lee*
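
An added example, not part of the original post and not strongSwan code: a small Python triage script for a log like the one above. It rejoins the mail-wrapped pluto lines and groups them per peer, which makes it easy to see the same Main Mode rejection recurring at 23:31:25, 23:31:28 and 23:31:31 together with the Vendor IDs pluto recognised or ignored. The sample input is a constructed, shortened copy of the log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of the posted log, mail wraps kept.
SAMPLE = """\
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
"""

HEAD = re.compile(r"^[A-Z][a-z]{2} [ \d]\d (\d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (.*)$")
PEER = re.compile(r"^packet from (\S+?):\d+: (.*)$")
REJECT = re.compile(r"initial Main Mode message received on \S+ but no "
                    r"connection has been authorized with policy=(\S+)")
VID = re.compile(r"(received|ignoring) Vendor ID payload \[(.+)\]")

def unwrap(text):
    """Join hard-wrapped continuation lines onto their syslog header line."""
    records = []
    for line in text.splitlines():
        if HEAD.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per peer: rejection timestamps, policy named, Vendor IDs by verdict."""
    peers = defaultdict(lambda: {"rejects": [], "policies": set(),
                                 "received": set(), "ignoring": set()})
    for rec in unwrap(text):
        ts, msg = HEAD.match(rec).groups()
        m = PEER.match(msg)
        if not m:
            continue  # daemon start-up lines carry no peer address
        peer, body = m.groups()
        if (rej := REJECT.search(body)):
            peers[peer]["rejects"].append(ts)
            peers[peer]["policies"].add(rej.group(1))
        elif (vid := VID.search(body)):
            peers[peer][vid.group(1)].add(vid.group(2))
    return dict(peers)
```

Calling summarize() on the full /var/log/secure text returns one entry per peer address.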