Re: [strongSwan] strongswan <=> openswan

Andreas Steffen Sun, 27 Feb 2011 10:43:58 -0800

Hi Gary,

strongSwan is configured for the IKEv2 protocol but
the error message


> initial Main Mode message received on strongswanip:500 but no
connection has been authorized with policy=PUBKEY

was issued by strongSwan's IKEv1 pluto daemon. This means that
the Openswan end initiates the connection using the old IKEv1
protocol. Please configure Openswan to use IKEv2.

Regards

Andreas

On 27.02.2011 19:04, Gary Smith wrote:
>>
>> using certificates Openswan should smoothly interoperate smoothly
>> with strongSwan (actually I'm the author of the X.509 Openswan code).
>> The configuration should be more or less identical to strongSwan's.
>>
>> Best  regards
>>
>> Andreas
>>
> 
> 
> # The openswan server
> config setup
>         protostack=netkey 
>         nat_traversal=yes
>         plutodebug=all
> 
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         #keyexchange=ikev2
>         #mobike=no
> 
> conn fre-sli
>         type=           tunnel
>         authby=         rsasig
>         left=           openswanip
>         leftcert=       openswankey.pem
>         leftid=         @openswanid
>         leftsubnet=     10.60.1.0/24
>         right=          strongswanip
>         rightid=        @strongswanid
>         rightsubnet=    10.40.0.0/16
>         keyexchange=    ike
>         auto=           start
> 
> 
> # The strongswan server
> config setup
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         plutostart=yes
> 
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev2
>         mobike=no
> 
> conn fre-sli
>         left=           strongswanlocalip
>         leftcert=       strongswanlocalkey.pem
>         leftid=         @strongswanid
>         leftsubnet=     10.40.0.0/16
>         leftfirewall=   yes
>         right=          openswanip
>         rightid=      @openswanid
>         rightsubnet=    10.60.1.0/24
>         keyexchange=    ike
>         auto=           start
> 
> 
> I get:
> initial Main Mode message received on strongswanip:500 but no connection has 
> been authorized with policy=PUBKEY
> 
> I know I'm probably just missing something simply. Can you guide me in the 
> right diraction.
> 
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users


-- 
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] strongswan <=> openswan

Reply via email to