[strongSwan] new to strongswan and couldn't establish a connection
Spacelee
fjctlzy at gmail.com
Thu Jan 20 02:16:57 CET 2011
On Thu, Jan 20, 2011 at 12:54 AM, Alok Thaker <alok.akki at gmail.com> wrote:
> Hi,
>
> What you are trying to do is, I think, x2tp with IPsec. If your machine is
> behind NAT you need to compile strongSwan with NAT support. Being very
> addicted to VPNs and a fan of strongSwan, I have also written an ebook on
> implementing PPTP, L2TP, IPSec, SSL VPN & Mobile VPN at
> http://www.ebooksyours.com/how_to_vpn.html .
>
I have compiled with NAT, and will see your book.
>
> Thanks,
> Alok
>
> On Wed, Jan 19, 2011 at 9:12 PM, Spacelee <fjctlzy at gmail.com> wrote:
>
>>
>> This is the first time I have tried strongSwan, and I couldn't establish a
>> connection. Here are the configuration files:
>> server : centos 5.5 64 bit
>> strongswan : newest
>> client : mac os
>>
>> ipsec.conf :
>> config setup
>>     # crlcheckinterval=600
>>     # strictcrlpolicy=yes
>>     # cachecrls=yes
>>     nat_traversal=yes
>>     charonstart=yes
>>     plutostart=yes
>>
>> conn L2TP
>>     authby=psk
>>     pfs=no
>>     rekey=no
>>     type=tunnel
>>     left=192.168.1.97
>>     leftnexthop=%defaultroute
>>     leftprotoport=17/1701
>>     right=%any
>>     rightprotoport=17/%any
>>     rightsubnetwithin=0.0.0.0/0
>>     auto=add
>>
>>
>> xl2tpd.conf
>> [global]
>> debug network = yes
>> debug tunnel = yes
>> [lns default]
>> ip range = 10.0.0.200-10.0.0.254
>> local ip = 10.0.0.1
>> require chap = yes
>> refuse pap = yes
>> require authentication = yes
>> name = NIELSPEEN.COM
>> ppp debug = yes
>> pppoptfile = /etc/ppp/options.xl2tpd
>> length bit = yes
>>
>>
>> options.xl2tpd
>> ipcp-accept-local
>> ipcp-accept-remote
>> ms-dns 8.8.8.8
>> noccp
>> auth
>> crtscts
>> idle 1800
>> mtu 1410
>> mru 1410
>> nodefaultroute
>> debug
>> lock
>> proxyarp
>> connect-delay 5000
>>
>>
>> ipsec.secrets
>> 192.168.1.97 %any : PSK "testpsk"
>>
>> and the /var/log/secure
>>
>> Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
>> 192.168.1.97:500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0
>> 192.168.1.97:4500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo
>> 127.0.0.1:500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo
>> 127.0.0.1:4500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
>> Jan 19 23:31:18 localhost pluto[13051]: loading secrets from
>> "/etc/ipsec.secrets"
>> Jan 19 23:31:18 localhost pluto[13051]: loaded PSK secret for
>> 192.168.1.97 %any
>> Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started
>> after 20 ms
>> Jan 19 23:31:18 localhost pluto[13051]: added connection description
>> "L2TP"
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> initial Main Mode message received on 192.168.1.97:500 but no connection
>> has been authorized with policy=PSK
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> initial Main Mode message received on 192.168.1.97:500 but no connection
>> has been authorized with policy=PSK
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500:
>> initial Main Mode message received on 192.168.1.97:500 but no connection
>> has been authorized with policy=PSK
--
*Space Lee*
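
An added example, not part of the original thread or of strongSwan's own tooling: a Python triage script for pluto lines like those quoted above. It rejoins the mail-wrapped records and reports, per peer, which vendor IDs pluto accepted or ignored and every Main Mode attempt rejected because no connection matched the offered policy. The sample input is constructed from the log format in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the pluto lines quoted in the post,
# including the mail client's line wrapping and ">> " quote prefixes.
SAMPLE = """\
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500:
>> initial Main Mode message received on 192.168.1.97:500 but no connection
>> has been authorized with policy=PSK
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500:
>> initial Main Mode message received on 192.168.1.97:500 but no connection
>> has been authorized with policy=PSK
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PACKET = re.compile(r"pluto\[\d+\]: packet from (\S+?):(\d+): (.*)$")
VENDOR = re.compile(r"(received|ignoring) Vendor ID payload \[(.+)\]")
REJECT = re.compile(r"initial Main Mode message received on (\S+) but no "
                    r"connection has been authorized with policy=(\S+)")

def unwrap(text):
    """Strip quote markers and rejoin records that were wrapped across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a syslog timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def summarize(text):
    """Per peer: vendor IDs pluto received/ignored and rejected Main Mode attempts."""
    peers = defaultdict(lambda: {"received": set(), "ignoring": set(), "rejected": []})
    for rec in unwrap(text):
        m = PACKET.search(rec)
        if not m:
            continue
        peer, msg = m.group(1), m.group(3)
        if (v := VENDOR.match(msg)):
            peers[peer][v.group(1)].add(v.group(2))
        elif (r := REJECT.match(msg)):
            peers[peer]["rejected"].append((r.group(1), r.group(2)))
    return dict(peers)
```

Each `rejected` entry is a (local endpoint, policy) pair, so repeated entries for one peer show the client retransmitting its first Main Mode message without ever matching a `conn`.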