[vpnc-devel] HELP!!! about vpnc-0.5.1 failed to connect to openswan-2.4.11 on CentOS-4.5

zhengfish zhengfish at gmail.com
Thu Jan 3 09:26:37 CET 2008


Hi, Mr Massar,
    I want to study the vpnc!

    First I want to test and use it on Linux (CentOS), but I cannot make it
work on my two CentOS-4.5 boxes.
    It outputs this log/error: initial Aggressive Mode message from
192.168.1.10 but no (wildcard) connection has been configured

    Would you pls give me some advice or tips?
    Thx a LOT!

zhengfish @ 2008-01-01



    I am just trying to test vpnc (client) connecting to openswan (server); the
topology is as follows:


   [vpnc/centos-4.5] +---------------+ [openswan/centos-4.5]
                             |               |
                    192.168.1.10        192.168.1.3

--------------------------------client.vpnc.config.file-------------------------------------------
# cat vpnc.conf
IPSec gateway 192.168.1.3
IPSec ID @rw.vpnc
IPSec secret ipsec123
Xauth username linux
Xauth password linux123

--------------------------------server.openswan.config.files-------------------------------------------
# cat /etc/ipsec.conf
version 2.0

config setup
   interfaces=%defaultroute
   nat_traversal=yes
   nhelpers=0

conn %defaults
   left=%defaultroute
   leftid=@gw.centos
   auto=add
   authby=secret
   keyingtries=0

conn conn-vpnc
   #right=%any
   right=192.168.1.10
   rightsubnet=192.168.5.1/24
   rightid=@rw.vpnc
   rightnexthop=%defaultroute
   keyexchange=ike
   esp=3des-sha1
   ike=3des-sha1
   auto=add
   auth=esp
   authby=secret
   pfs=no
   aggrmode=yes
   xauth=yes
   leftxauthserver=yes
   rightxauthclient=yes

include /etc/ipsec.d/examples/no_oe.conf


# cat /etc/ipsec.secrets
......
192.168.1.3 %any : PSK "ipsec123"

-------------------------------server.log-------------------------------------------------------
# tail -f /var/log/secure
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [XAUTH]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: initial
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection
has been configured
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [XAUTH]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: initial
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection
has been configured
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [XAUTH]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: initial
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection
has been configured

-- 
a fish in info sea
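
An added example, not part of the original post and not code from vpnc or openswan: a small triage script for a pluto log like the one above. It rejoins the wrapped syslog records, then reports per peer which Vendor IDs were offered and how many Aggressive Mode initiations were refused with "no (wildcard) connection has been configured". The function names are hypothetical and the sample lines are constructed in the shape of the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the /var/log/secure excerpt,
# including the mail-style wrapping of long lines.
SAMPLE = """\
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [XAUTH]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500:
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: initial
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection
has been configured
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: initial
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection
has been configured
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
PEER = re.compile(r"packet from (\d+\.\d+\.\d+\.\d+):(\d+): (.*)$")
VID = re.compile(r"received Vendor ID payload \[([^\]]+)\]")
REJECT = "no (wildcard) connection has been configured"

def unwrap(text):
    """Rejoin continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per peer: Vendor IDs offered and count of refused Aggressive Mode initiations."""
    out = defaultdict(lambda: {"vendor_ids": set(), "rejected": 0})
    for rec in unwrap(text):
        m = PEER.search(rec)
        if not m:
            continue
        peer, msg = m.group(1), m.group(3)
        v = VID.search(msg)
        if v:
            out[peer]["vendor_ids"].add(v.group(1))
        if "Aggressive Mode" in msg and REJECT in msg:
            out[peer]["rejected"] += 1
    return dict(out)

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(peer, info["rejected"], sorted(info["vendor_ids"]))
```
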

