[strongSwan] new to strongswan and couldn't establish a connection

Alok Thaker alok.akki at gmail.com
Wed Jan 19 17:54:40 CET 2011


Hi,

What you are trying to do is, I think, x2tp with IPsec. If your machine is
behind NAT, you need to compile strongSwan with NAT support. Being very
addicted to VPNs and a fan of strongSwan, I have also written an ebook on
implementing PPTP, L2TP, IPsec, SSL VPN & Mobile VPN at
http://www.ebooksyours.com/how_to_vpn.html .

Thanks,
Alok

On Wed, Jan 19, 2011 at 9:12 PM, Spacelee <fjctlzy at gmail.com> wrote:

>
> This is the first time I have tried strongSwan, and I couldn't establish a
> connection. Here are the configuration files:
> server : centos 5.5 64 bit
> strongswan : newest
> client : mac os
>
> ipsec.conf :
> config setup
>         # crlcheckinterval=600
>         # strictcrlpolicy=yes
>         # cachecrls=yes
>         nat_traversal=yes
>         charonstart=yes
>         plutostart=yes
> conn L2TP
>         authby=psk
>         pfs=no
>         rekey=no
>         type=tunnel
>         left=192.168.1.97
>         leftnexthop=%defaultroute
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         rightsubnetwithin=0.0.0.0/0
>         auto=add
>
>
> xl2tpd.conf
> [global]
> debug network = yes
> debug tunnel = yes
> [lns default]
> ip range = 10.0.0.200-10.0.0.254
> local ip = 10.0.0.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = NIELSPEEN.COM
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
>
> options.xl2tpd
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 8.8.8.8
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
>
>
> ipsec.secrets
> 192.168.1.97 %any : PSK "testpsk"
>
> and the /var/log/secure
>
> Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
> 192.168.1.97:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
> 192.168.1.97:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo
> 127.0.0.1:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo
> 127.0.0.1:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
> Jan 19 23:31:18 localhost pluto[13051]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 19 23:31:18 localhost pluto[13051]:   loaded PSK secret for
> 192.168.1.97 %any
> Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started
> after 20 ms
> Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [RFC 3947]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
> initial Main Mode message received on 192.168.1.97:500 but no connection
> has been authorized with policy=PSK
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [RFC 3947]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
> initial Main Mode message received on 192.168.1.97:500 but no connection
> has been authorized with policy=PSK
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [RFC 3947]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
> initial Main Mode message received on 192.168.1.97:500 but no connection
> has been authorized with policy=PSK
>
> --
> *Space Lee*
>
>
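Added example, not part of the original thread and not strongSwan code: a small triage script for pluto output like the /var/log/secure excerpt quoted above. It groups the per-packet messages by peer and counts the Main Mode attempts refused with "no connection has been authorized", alongside the vendor IDs pluto reported as received or ignored. The sample lines are constructed from the excerpt and unwrapped to one message per line; the function names are hypothetical, and the peer pattern assumes IPv4 addresses.

```python
import re
from collections import defaultdict

# Constructed sample: modelled on the log excerpt in the post, one message per line.
SAMPLE = """\
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
"""

# "packet from <peer>:<port>: <message>" as logged by pluto (IPv4 peers only).
PKT = re.compile(r"pluto\[\d+\]: packet from (?P<peer>[\d.]+):(?P<port>\d+): (?P<msg>.*)$")
VID = re.compile(r"(?P<verb>received|ignoring) Vendor ID payload \[(?P<vid>[^\]]+)\]")
REJ = re.compile(r"initial Main Mode message received on (?P<local>\S+) "
                 r"but no connection has been authorized with policy=(?P<policy>\S+)")

def triage(lines):
    """Return {peer: {"received": set, "ignored": set, "rejected": [(local, policy)]}}."""
    peers = defaultdict(lambda: {"received": set(), "ignored": set(), "rejected": []})
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not a per-packet pluto message
        entry = peers[m["peer"]]
        vid = VID.search(m["msg"])
        rej = REJ.search(m["msg"])
        if vid:
            key = "received" if vid["verb"] == "received" else "ignored"
            entry[key].add(vid["vid"])
        elif rej:
            entry["rejected"].append((rej["local"], rej["policy"]))
    return dict(peers)

def report(peers):
    """One summary line per (peer, refused policy)."""
    out = []
    for peer, entry in sorted(peers.items()):
        natt = "RFC 3947" in entry["received"]
        for policy in sorted({pol for _, pol in entry["rejected"]}):
            n = sum(1 for _, pol in entry["rejected"] if pol == policy)
            out.append(f"{peer}: {n} Main Mode attempt(s) refused, no conn authorized "
                       f"for policy={policy}; RFC 3947 vendor ID received={natt}")
    return out

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE.splitlines()))))
```

Log lines copied from a mail archive need their wrapped continuation lines rejoined before being passed to `triage`.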