
List:       openswan-users
Subject:    Re: [Openswan Users] Openswan to Openswan - inconsistent behavior
From:       "Andy Theuninck" <gohanman () gmail ! com>
Date:       2008-12-23 14:13:35
Message-ID: f8a02f3e0812230613v1b35161bm3f65a73de18e11ac () mail ! gmail ! com

The reason I'm confused is the other end WAS seeing my packets. Then I
changed ipsec.secrets on the right side, tried again, and left was no
longer seeing any packets. When I got the PSK error, the other side
logged the connection attempt. I can't figure out why none of the
subsequent attempts went through when the only thing that changed is
ipsec.secrets (and given what you said, that wouldn't even matter
since I didn't restart openswan).

On Mon, Dec 22, 2008 at 10:10 PM, Paul Wouters <paul@xelerance.com> wrote:
> On Mon, 22 Dec 2008, Andy Theuninck wrote:
>
>> 003 "WFC" #1: Can't authenticate: no preshared key found for
>> `192.168.0.3' and `1.2.3.4'.  Attribute OAKLEY_AUTHENTICATION_METHOD
>
>> Server log showed the attempted connection as well. I edited
>> /etc/ipsec.secrets on the client, replacing "%any" with "192.168.0.3".
>> I then tried bringing up the connection again on the client and got
>> this:
>
> That bug should be fixed in openswan 2.6.19.
>
>> 104 "WFC" #1: STATE_MAIN_I1: initiate
>> 010 "WFC" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
>> 010 "WFC" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
>
> So the other end is not seeing your packets.
>
>> The server now shows no sign of the connection attempt, despite
>> /etc/ipsec.secrets being the only file that changed. I changed
>> /etc/ipsec.secrets back and tried bringing up the connection on the
>> client one last time:
>
> Note that if you change ipsec.secrets, you need to reload them using
> 'ipsec secrets' or restart openswan.
>
> Paul
>
