[strongSwan] new to strongswan and couldn't establish a connection

Spacelee fjctlzy at gmail.com
Wed Jan 19 16:42:21 CET 2011


This is the first time I have tried strongSwan, and I couldn't establish a
connection. Here are the configuration files:
server: CentOS 5.5 64-bit
strongSwan: newest
client: Mac OS

ipsec.conf:
config setup
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        nat_traversal=yes
        charonstart=yes
        plutostart=yes
conn L2TP
        authby=psk
        pfs=no
        rekey=no
        type=tunnel
        left=192.168.1.97
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        rightsubnetwithin=0.0.0.0/0
        auto=add


xl2tpd.conf
[global]
debug network = yes
debug tunnel = yes
[lns default]
ip range = 10.0.0.200-10.0.0.254
local ip = 10.0.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = NIELSPEEN.COM
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes


options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000


ipsec.secrets
192.168.1.97 %any : PSK "testpsk"

and the /var/log/secure:

Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:500
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:4500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:4500
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
Jan 19 23:31:18 localhost pluto[13051]: loading secrets from "/etc/ipsec.secrets"
Jan 19 23:31:18 localhost pluto[13051]:   loaded PSK secret for 192.168.1.97 %any
Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after 20 ms
Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK

-- 
*Space Lee*
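
A log-triage helper for the pluto output in the message above, added here as an example and not part of the original post: it rejoins syslog records that mail wrapping split across lines and counts, per peer, the Main Mode attempts pluto rejected and the policy named in each rejection. The sample input is constructed in the format of that log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the pluto log above, including the
# mail-style wrapping that splits one syslog record across two or three lines.
SAMPLE = """\
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
initial Main Mode message received on 192.168.1.97:500 but no connection has
been authorized with policy=PSK
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(r"packet from (\S+?):(\d+): initial Main Mode message received on "
                    r"(\S+) but no connection has been authorized with policy=(\S+)")
VENDOR = re.compile(r"packet from (\S+?):\d+: (received|ignoring) Vendor ID payload \[(.+)\]")

def unwrap(text):
    """Rejoin records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Per peer: rejected Main Mode attempts by policy, and vendor IDs pluto recognised."""
    peers = defaultdict(lambda: {"rejected": defaultdict(int), "recognised": set()})
    for rec in unwrap(text):
        if m := REJECT.search(rec):
            peers[m.group(1)]["rejected"][m.group(4)] += 1
        elif (m := VENDOR.search(rec)) and m.group(2) == "received":
            peers[m.group(1)]["recognised"].add(m.group(3))
    return peers

if __name__ == "__main__":
    for peer, info in triage(SAMPLE).items():
        print(peer, dict(info["rejected"]), sorted(info["recognised"]))
```
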