help: no suitable connection for peer
Hi, I'm trying to make a test LAN with a VPN gateway running
Openswan 2.3 with Debian woody.
This is my sample LAN:
Notebook                vpn gw              desktop
10.10.2.154----10.10.1.231 - 192.168.0.1----192.168.0.2
               eth0          eth1
My ipsec.conf:
version 2.0

config setup
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.0.0/255.255.255.0
    also=roadwarrior

conn roadwarrior
    left=eth1
    leftcert=teste.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes
My ipsec.secrets:
: RSA teste.key ""
I'm using Marcus Müller's ipsec.exe utility with Win XP
Prof SP2.
Here is the ipsec.conf from XP:
conn roadwarrior
    left=%any
    right=10.10.1.231
    rightca="C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br"
    network=auto
    auto=start
    pfs=yes

conn roadwarrior-net
    left=%any
    right=10.10.1.231
    rightsubnet=192.168.0.0/255.255.255.0
    rightca="C=br,ST=paraiba,L=joao pessoa,O=sefin,CN=teste,Email=nobregasz@yahoo.com.br"
    network=auto
    auto=start
    pfs=yes
When I try to ping 192.168.0.1 or 192.168.0.2 or
10.10.1.321 from 10.10.2.154 I'm receiving "Negotiating
IP Security" and 100% packet loss.
I'm using:
iptables -A INPUT -p 50 -j ACCEPT
iptables -A INPUT -p 51 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 51 -j ACCEPT
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
So, my gw log gives me:
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 0
Feb 2 16:26:15 vpn pluto[3320]: packet from 10.10.2.154:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: responding to Main Mode from unknown peer 10.10.2.154
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: transition from state (null) to state STATE_MAIN_R1
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:15 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:16 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:16 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:22 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:22 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:30 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:30 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:46 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: Peer ID is ID_DER_ASN1_DN: 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:26:46 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: no suitable connection for peer 'C=br,ST=paraiba,L=joao pessoa,O=teste,CN=teste,Email=nobregasz@yahoo.com.br'
Feb 2 16:27:18 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===? #5: max number of retransmissions (2) reached STATE_MAIN_R2
Feb 2 16:27:25 vpn pluto[3320]: "packetdefault"[5] 0.0.0.0/0=== ...10.10.2.154===?: deleting connection "packetdefault" instance with peer 10.10.2.154 {isakmp=#0/ipsec=#0}
Can anybody help me with this connection setup?
greets
Rodrigo