[Swan] PSK+AGGRESSIVE+IKEV1_ALLOW
Paul Wouters
paul at nohats.ca
Tue Jun 9 22:02:19 EEST 2015
On Tue, 9 Jun 2015, Chuck Wolber wrote:
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
Jun 9 18:13:01 vpnserver pluto[6728]: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW (RoadWarriors-ikev1-aggr-psk)
Jun 9 18:13:01 vpnserver pluto[6728]: | find_next_host_connection returns empty
Jun 9 18:13:01 vpnserver pluto[6728]: packet from 10.1.0.4:500: initial Aggressive Mode message from 10.1.0.4 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
> conn RoadWarriors-ikev1-aggr-psk
>     authby=secret
>     aggrmode=yes
>     auto=add
>     rekey=no
>     pfs=no
>     left=10.1.0.1
>     leftid=@10.1.0.1
>     leftsubnet=0.0.0.0/0
>     rightaddresspool=10.1.0.10-10.1.0.254
>     right=%any
>     modecfgdns1=10.1.0.1
>     leftxauthserver=yes
>     rightxauthclient=yes
>     leftmodecfgserver=yes
>     rightmodecfgclient=yes
>     modecfgpull=yes
>     xauthby=alwaysok
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>     ike-frag=yes
>     ikev2=never
So it seems to match up. Odd. Can you show "ipsec status |grep RoadWarriors-ikev1-aggr-psk" ?
Paul
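
The by-eye comparison made in this reply (the flags pluto asked for versus the flags on the loaded connection), as an added example that is not part of the original message or of libreswan. It assumes a plain flag-subset test, which is a simplification and not necessarily pluto's exact matching logic; the second `found policy` line and its connection name are constructed.

```python
import re

# Constructed sample: pluto debug lines modelled on those quoted in this thread.
# The "hypothetical-rsa-conn" line is invented to show a non-matching candidate.
SAMPLE_LOG = """\
Jun 9 18:13:01 vpnserver pluto[6728]: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW (RoadWarriors-ikev1-aggr-psk)
Jun 9 18:13:01 vpnserver pluto[6728]: | found policy = RSASIG+ENCRYPT+TUNNEL+IKEV1_ALLOW (hypothetical-rsa-conn)
Jun 9 18:13:01 vpnserver pluto[6728]: | find_next_host_connection returns empty
Jun 9 18:13:01 vpnserver pluto[6728]: packet from 10.1.0.4:500: initial Aggressive Mode message from 10.1.0.4 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
"""

# "| found policy = FLAGS (conn-name)" lines list candidate connections.
FOUND = re.compile(r"\| found policy = (\S+)\s+\(([^)]+)\)")
# The rejection line names the flags the incoming packet required.
WANTED = re.compile(
    r"no \(wildcard\) connection has been configured with policy (\S+)")


def flags(policy):
    """Split a '+'-joined policy string into a set of flag names."""
    return set(policy.strip(";").split("+"))


def compare_policies(log_text):
    """Return (required_flags, {conn_name: missing_flags}) for the last rejection."""
    candidates, required = {}, None
    for line in log_text.splitlines():
        m = FOUND.search(line)
        if m:
            candidates[m.group(2)] = flags(m.group(1))
            continue
        m = WANTED.search(line)
        if m:
            required = flags(m.group(1))
    if required is None:
        return None, {}
    return required, {name: required - have for name, have in candidates.items()}


if __name__ == "__main__":
    required, report = compare_policies(SAMPLE_LOG)
    print("required:", "+".join(sorted(required)))
    for name, missing in report.items():
        status = ("all required flags present" if not missing
                  else "missing " + "+".join(sorted(missing)))
        print(f"{name}: {status}")
```

An empty missing set for a connection that pluto still rejected means the policy flags are not what excluded it, which is why the loaded connection state is the next thing to inspect.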