I can't get my ipsec infrastructure working.
My goal is to authenticate the wifi network on the vpn server. The vpn server is protected by the firewall. The wifi network has to surf the internal network (10. class).

My conf is this:

 192.168.1.0/24       192.168.1.4  10.10.1.254        10.10.1.213
----------------      ------------------------      ----------------
| wifi network |  ->  |       firewall       |  ->  |  vpn server  |
----------------      ------------------------      ----------------

Now, my configuration is:

config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
        charonstart=yes
        plutostart=yes
        nat_traversal=yes
        virtual_private=%v4:192.168.1.0/24

conn L2TP
        authby=psk
        pfs=no
        rekey=no
        type=transport
        esp=aes128-sha1
        ike=aes128-sha-modp1024
        left=10.10.1.213
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        auto=add
        forceencaps=yes

include /var/lib/strongswan/ipsec.conf.inc

When I start ipsec everything goes well, but when I try to authenticate, what I get (mainly) is:

srvvpn pluto[19642]: "L2TP"[1] 192.168.1.104:4500 #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.4/32===10.10.1.213:4500:17/1701...192.168.1.104:4500:17/%any

Moreover, my ipsec statusall shows:

ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 10.10.1.213:4500
000 interface eth0/eth0 10.10.1.213:500
000 %myid = (none)
000 debug none
000
000 "L2TP": 10.10.1.213:17/1701---10.10.1.254...%any:17/%any; unrouted; eroute owner: #0
000 "L2TP": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "L2TP": policy: PSK+ENCRYPT+DONTREKEY; prio: 32,32; interface: eth0;
000 "L2TP": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "L2TP": IKE algorithms wanted: 7_128-2-2,
000 "L2TP": IKE algorithms found: 7_128-2_160-2,
000 "L2TP": ESP algorithms wanted: 12_128-2,
000 "L2TP": ESP algorithms loaded: 12_128-2_160,
000
Performance:
  uptime: 8 minutes, since Oct 11 13:29:07 2011
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: curl ldap random x509 pubkey xcbc hmac openssl agent gmp kernel-netlink stroke updown
Listening IP addresses:
  10.10.1.213
Connections:
Security Associations:
  none

What should I do?

Thanks in advance,
Pietro Vassalli

--
Pietro Vassalli
Organize Systems S.A.
Via Carvina 1
6807 Taverne
Tel.+41919453322
Fax+41919453320
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
