[Swan] 3.1 rpm package
Philippe Vouters
philippe.vouters at laposte.net
Sat Mar 16 15:34:24 EET 2013
Nick,
One possible cause is a mismatch of the ike/phase2alg with the remote
peer. Up to you to see whether this applies.
ike=aes256-sha1;modp2048
phase2alg=aes256
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
Le 16/03/2013 12:52, Nick Howitt a écrit :
> It is there in https://download.libreswan.org/binaries/rhel/ but I
> can't get it to work :(
>
> I have installed it and with identical configs to openswan all I get
> in my logs is:
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> received Vendor ID payload [Dead Peer Detection]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> received Vendor ID payload [RFC 3947]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Mar 16 11:43:59 server pluto[10870]: packet from 88.104.26.203:500:
> initial Main Mode message received on 82.19.147.85:500 but no
> connection has been authorized with policy=PSK
>
> My Ipsec.conf is:
> # The config file changed quite a bit from 1.x.
> # See
> http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/upgrading.html
>
> version 2.0
>
> # Default policy
> #---------------
>
> config setup
> interfaces=%defaultroute
> plutodebug=none # plutodebug="all crypt"
> # plutodebug=controlmore
> klipsdebug=none
> oe=no
> protostack=netkey # 2.6.x only
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.2.0/24,%v4:!192.168.3.0/24
> nat_traversal=yes
>
>
> conn %default
> type=tunnel
> authby=secret
>
> # Tunnels defined in separate files
> #----------------------------------
>
> include /etc/ipsec.d/ipsec.*.conf
>
>
> One of the sub files, /etc/ipsec.d/ipsec.unmanaged.MumIn.conf, is:
> conn MumIn
> type=tunnel
> authby=secret
> dpdtimeout=120
> dpddelay=30
> auto=add
> left=%defaultroute
> leftsourceip=192.168.2.1
> leftsubnet=192.168.2.0/24
> leftid=@Nick
> right=%any
> rightsubnet=192.168.10.0/24
> salifetime=24h
> dpdaction=clear
> ikelifetime=24h
> ike=aes256-sha1;modp2048
> phase2alg=aes256
> rekey=no
>
> The secrets file contains:
> @Nick %any : PSK "PSK_Here"
>
> This happens for both my remote locations. One is behind NAT, the
> other is not.
>
> Regards,
>
> Nick
>
> On 16/03/2013 11:42, T.J. Yang wrote:
>> Hi Paul,
>>
>> Is there outstanding/roadblock issue ?
>> Hoping you can release libreswan 3.1 CentOS/RHEL 6 package to repo soon.
>>
>>
>> Thanks
>>
>> tj
>>
>> --
>> T.J. Yang
>>
>>
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130316/df92943a/attachment.html>
More information about the Swan
mailing list