<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Paul,<br>
<br>
<div class="moz-cite-prefix">On 21/09/2013 14:59, Paul Wouters
wrote:<br>
</div>
<blockquote
cite="mid:alpine.LFD.2.10.1309210957180.3895@bofh.nohats.ca"
type="cite">
<br>
On Sat, 21 Sep 2013, Nick Howitt wrote:
<br>
<br>
<blockquote type="cite">I have compiled 3.6rc1 without FIPSCHECK,
whatever that is, and I am struggling with a conn.
<br>
<br>
Because of bug 86 I use a conn like:
<br>
conn MumIn
<br>
type=tunnel
<br>
authby=secret
<br>
dpdtimeout=120
<br>
dpddelay=30
<br>
auto=add
<br>
#left=%defaultroute
<br>
#leftnexthop=%defaultroute
<br>
#left=howitts.poweredbyclear.com
<br>
left=82.19.147.85
<br>
leftsourceip=172.17.2.1
<br>
leftsubnet=172.17.2.0/24
<br>
leftid=@Nick
<br>
right=damim.dtdns.net
<br>
rightsubnet=192.168.10.0/24
<br>
salifetime=24h
<br>
dpdaction=clear
<br>
ikelifetime=24h
<br>
ike=aes256-sha1;modp2048
<br>
phase2alg=aes256
<br>
rekey=no
<br>
</blockquote>
<br>
Could you put an IP for right= instead of damim.dtdns.net and see
if it matters? Also change ipsec.secrets so the PSK is found?
<br>
</blockquote>
With right=IP it works. ipsec.secrets does not matter as I use %any.<br>
<blockquote
cite="mid:alpine.LFD.2.10.1309210957180.3895@bofh.nohats.ca"
type="cite">
<br>
Can you show me ipsec auto --status when the conn is loaded and
giving:
<br>
<br>
<blockquote type="cite">Sep 21 12:14:49 server pluto[20435]:
packet from 82.30.103.217:500: initial Main Mode message
received on 82.19.147.85:500 but no connection has been authorized with policy=PSK
<br>
</blockquote>
</blockquote>
Do you still want "ipsec auto --status"? Or do you want it with
right=FQDN?
<blockquote
cite="mid:alpine.LFD.2.10.1309210957180.3895@bofh.nohats.ca"
type="cite">
<br>
<blockquote type="cite">I've also thrown up another bug. In
ipsec.conf I have the usual "include /etc/ipsec.d/ipsec.*.conf",
but this loads ipsec.unmanaged.MumIn.conf and
ipsec.unmanaged.MumIn.conf1 (I usually append 1 or something to a
file name to temporarily remove it from the equation). It correctly
does not load ipsec.unmanaged.MumIn.con1.
<br>
</blockquote>
<br>
Odd. I'll try and reproduce.
<br>
</blockquote>
Thinking about it, scrub this one. I think I know why I'm seeing it.
It may be a bug in our webconfig code.<br>
<blockquote
cite="mid:alpine.LFD.2.10.1309210957180.3895@bofh.nohats.ca"
type="cite">
<br>
Paul
<br>
</blockquote>
<br>
</body>
</html>