Hi everyone. I have a problem.
I'm totally at a dead end here. I'm trying to create a simple test VPN connection. The server is Openswan running on my Fedora Core 3 box. The box has 2 cards, 10.1.1.1 (eth0) and 10.1.2.1 (eth1). The computer from which I'm starting the connection is 10.1.1.2, and it's a WIN XP SP2. The VPN client is the one built into Windows. This is what my ipsec.conf looks like:
Code:
version 2.0
# basic configuration
config setup
    interfaces="ipsec0=eth0 ipsec1=eth1"
    klipsdebug=none
    plutodebug=all
    overridemtu=1410
    nat_traversal=yes
# Add connections here
conn test
    keyingtries=3
    compress=yes
    disablearrivalcheck=no
    authby=secret
    type=tunnel
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    pfs=no
    forwardcontrol=yes
    left=10.1.2.101
    leftsubnet=10.1.2.0/24
    leftprotoport=17/1701
    leftnexthop=10.1.2.1
    right=10.1.1.2
    rightsubnet=10.1.1.2/32
    rightnexthop=10.1.1.1
    rightprotoport=17/1701
    auto=add
include /etc/ipsec.d/examples/no_oe.conf
The WIN XP is set up to connect to 10.1.1.1, using l2tp and not getting Local Gateway from Server. I'm using Pre-Shared keys (entered in WIN XP too).
My ipsec.secrets:
Code:
10.1.1.2 %any: PSK "mykey"
But when I start the connection in WIN XP, nothing happens. /var/log/secure shows:
Code:
packet from 10.1.1.2:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
packet from 10.1.1.2:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 10.1.1.2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
packet from 10.1.1.2:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 10.1.1.2:500: initial Main Mode message received on 10.1.1.1:500 but no connection has been authorized
packet from 10.1.1.2:500: ignoring Delete SA payload: not encrypted
packet from 10.1.1.2:500: received and ignored informational message
Sorry for the long texts, but I simply can't imagine what could be wrong. Why is the connection not authorized?
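
An added example, not part of the original post: a small Python check that takes the "no connection has been authorized" log line and compares the address the packet arrived on, and its sender, with the `left`/`right` of each conn. It assumes, as a simplification of pluto's lookup, that a conn can only be selected when one end is the local address and the other is the peer or `%any`; `parse_conns` and `explain` are hypothetical helper names, and the sample input is constructed from the values in the post.

```python
import re

# Constructed sample: the conn endpoints and the log line quoted in the post.
SAMPLE_CONF = """\
conn test
    left=10.1.2.101
    right=10.1.1.2
    auto=add
"""
SAMPLE_LOG = ("packet from 10.1.1.2:500: initial Main Mode message received "
              "on 10.1.1.1:500 but no connection has been authorized")
LOG_RE = re.compile(r"packet from ([\d.]+):\d+: initial Main Mode message "
                    r"received on ([\d.]+):\d+ but no connection has been authorized")

def parse_conns(text):
    """Return {name: {key: value}} for every 'conn' section in ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def explain(log_line, conf_text):
    """Map each conn to the reason it did or did not match the logged packet."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    peer, local = m.groups()
    report = {}
    for name, c in parse_conns(conf_text).items():
        ends = (c.get("left"), c.get("right"))
        if local not in ends:
            report[name] = f"neither left nor right is {local}"
        elif (ends[1] if ends[0] == local else ends[0]) not in (peer, "%any"):
            report[name] = f"local end matches, but remote end is not {peer}"
        else:
            report[name] = "endpoints match; check authby and ipsec.secrets"
    return report

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, SAMPLE_CONF))
```

The check does not resolve `%defaultroute` or values inherited from `conn %default`, so a conn relying on either is reported from its literal values only.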