Menu
▾
▴
[IPCop-user] no connection has been authorized with policy=PSK
|
From: Kristian N. <kni...@we...> - 2006-11-30 01:35:05
|
Have successfully connected a windowsXP box running openvpn client to an
ipcop running openvpn/zarina but would now like to use IPSec because
other offices use netgear routers. I have a Netgear DG834G
vpn/asdl/router which I am trying to connect to ipcop 1.4.11 ipsec vpn.
The error I get in ipsec logs on ipcop is 'no connection has been
authorized with policy=PSK'
My setup is as follows...
IPCOP AT WORK...
green: 192.168.70.1
red: 10.0.7.2 (note this is different from public ip)
public ip: 1.2.3.4
NETGEAR AT HOME...
static public ip: 5.6.7.8
local router ip: 192.168.80.1
I create a net-to-net vpn in ipcop, here is the ipsec.conf...
config setup
interfaces="%defaultroute ipsec1=eth0 "
klipsdebug="none"
plutodebug="crypt parsing emitting control klips dns nat_t "
plutoload=%search
plutostart=%search
uniqueids=yes
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.70.0/255.255.255.0,%v4:!192.168.71.0/255.255.255.0,%v4:!192.168.80.0/255.255.255.0
conn %default
keyingtries=0
disablearrivalcheck=no
conn kristiannetgear
left=1.2.3.4
leftnexthop=%defaultroute
leftsubnet=192.168.70.0/255.255.255.0
rightsubnet=192.168.80.0/255.255.255.0
rightnexthop=%defaultroute
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
ikelifetime=1h
keylife=8h
dpddelay=30
dpdtimeout=120
dpdaction=restart
pfs=yes
authby=secret
auto=start
and ipsec.secrets...
: RSA /var/ipcop/certs/hostkey.pem
1.2.3.4 5.6.7.8 : PSK "mypassword"
I am probably doing something stupid - I am not sure about my work side
- is my red interface being 10.0.7.2 OK? This setup worked with openvpn.
regards,
Kristian.
|