
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    It is there in <a class="moz-txt-link-freetext" href="https://download.libreswan.org/binaries/rhel/">https://download.libreswan.org/binaries/rhel/</a> but I

    can't get it to work :(<br>

    <br>

    I have installed it and with identical configs to openswan all I get

    in my logs is:<br>

    <tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: received Vendor ID payload [Dead Peer

      Detection]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: received Vendor ID payload [RFC 3947]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: ignoring Vendor ID payload

      [draft-ietf-ipsec-nat-t-ike-03]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: ignoring Vendor ID payload

      [draft-ietf-ipsec-nat-t-ike-02_n]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: ignoring Vendor ID payload

      [draft-ietf-ipsec-nat-t-ike-02]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: received Vendor ID payload

      [draft-ietf-ipsec-nat-t-ike-00]</tt><tt><br>

    </tt><tt>Mar 16 11:43:59 server pluto[10870]: packet from

      88.104.26.203:500: initial Main Mode message received on

      82.19.147.85:500 but no connection has been authorized with

      policy=PSK</tt><br>

    <br>

    My Ipsec.conf is:<br>

    <tt># The config file changed quite a bit from 1.x.</tt><tt><br>

    </tt><tt># See

      <a class="moz-txt-link-freetext" href="http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/upgrading.html">http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/upgrading.html</a></tt><tt><br>

    </tt><tt><br>

    </tt><tt>version 2.0</tt><tt><br>

    </tt><tt><br>

    </tt><tt># Default policy </tt><tt><br>

    </tt><tt>#---------------</tt><tt><br>

    </tt><tt><br>

    </tt><tt>config setup</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; interfaces=%defaultroute</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; plutodebug=none&nbsp;&nbsp;&nbsp; # plutodebug="all crypt"</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; # plutodebug=controlmore</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; klipsdebug=none</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; oe=no</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; protostack=netkey&nbsp;&nbsp;&nbsp; # 2.6.x only</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp;

virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.2.0/24,%v4:!192.168.3.0/24</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; nat_traversal=yes</tt><tt><br>

    </tt><tt><br>

    </tt><tt><br>

    </tt><tt>conn %default</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; type=tunnel</tt><tt><br>

    </tt><tt>&nbsp;&nbsp;&nbsp; authby=secret</tt><tt><br>

    </tt><tt><br>

    </tt><tt># Tunnels defined in separate files</tt><tt><br>

    </tt><tt>#----------------------------------</tt><tt><br>

    </tt><tt><br>

    </tt><tt>include /etc/ipsec.d/ipsec.*.conf</tt><br>

    <br>

    <br>

    One of the sub files, /etc/ipsec.d/ipsec.unmanaged.MumIn.conf, is:<br>

    <tt>conn MumIn</tt><tt><br>

    </tt><tt>&nbsp;type=tunnel</tt><tt><br>

    </tt><tt>&nbsp;authby=secret</tt><tt><br>

    </tt><tt>&nbsp;dpdtimeout=120</tt><tt><br>

    </tt><tt>&nbsp;dpddelay=30</tt><tt><br>

    </tt><tt>&nbsp;auto=add</tt><tt><br>

    </tt><tt>&nbsp;left=%defaultroute</tt><tt><br>

    </tt><tt>&nbsp;leftsourceip=192.168.2.1</tt><tt><br>

    </tt><tt>&nbsp;leftsubnet=192.168.2.0/24</tt><tt><br>

    </tt><tt>&nbsp;leftid=@Nick</tt><tt><br>

    </tt><tt>&nbsp;right=%any</tt><tt><br>

    </tt><tt>&nbsp;rightsubnet=192.168.10.0/24</tt><tt><br>

    </tt><tt>&nbsp;salifetime=24h</tt><tt><br>

    </tt><tt>&nbsp;dpdaction=clear</tt><tt><br>

    </tt><tt>&nbsp;ikelifetime=24h</tt><tt><br>

    </tt><tt>&nbsp;ike=aes256-sha1;modp2048</tt><tt><br>

    </tt><tt>&nbsp;phase2alg=aes256</tt><tt><br>

    </tt><tt>&nbsp;rekey=no</tt><tt><br>

    </tt><br>

    The secrets file contains:<br>

    <tt>@Nick %any : PSK "PSK_Here"</tt><br>

    <br>

    This happens for both my remote locations. One is behind NAT, the

    other is not.<br>

    <br>

    Regards,<br>

    <br>

    Nick<br>

    <br>

    <div class="moz-cite-prefix">On 16/03/2013 11:42, T.J. Yang wrote:<br>

    </div>

    <blockquote

cite="mid:CAD2GW8o1duXb-==LuhxkspXHwKWCn_QOjKc1izjxMFsduqpJ_g@mail.gmail.com"

      type="cite">

      <div dir="ltr">Hi Paul,

        <div><br>

        </div>

        <div style="">Is there outstanding/roadblock &nbsp;issue ?</div>

        <div>Hoping you can release libreswan 3.1 CentOS/RHEL 6 package

          to repo soon.</div>

        <div><br>

        </div>

        <div><br>

        </div>

        <div style="">Thanks</div>

        <div style=""><br>

        </div>

        <div>tj<br clear="all">

          <div><br>

          </div>

          -- <br>

          T.J. Yang

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Swan mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>

<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>