Re: [leaf-user] IPSec errors, kernel/userland version mismatch?

2007-03-30 Thread James Neave
Hi,

Right, it was a version mismatch and I figured out where to get the
matching package version from:
http://leaf.cvs.sourceforge.net/leaf/bin/packages/uclibc-0.9/20/2.4.31/

But now I keep getting this in the log files. I fixed this before, but
now it's come back with the new package (but using my original config
files, obviously).

ignoring Vendor ID payload [FRAGMENTATION]
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized with policy=PSK

Here are my ipsec.conf and ipsec.secrets files:

Thanks,

James.

**ipsec.conf**

# /etc/ipsec.conf - Openswan IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in Openswan's doc/examples file, in the HTML documentation, and online
# at http://www.openswan.org/docs/

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Don't wait for pluto to complete every plutostart before continuing
        plutowait=no
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
        nat_traversal=yes

        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.27.0/24,%v4:!192.168.17.0/24

# Defaults for all connection descriptions
conn %default
        keyingtries=0
        disablearrivalcheck=no
        leftrsasigkey=%dnsondemand
        rightrsasigkey=%dnsondemand
        authby=secret
        auto=add

# Example VPN connection for the following scenario:
#
# leftsubnet
# 172.16.0.0/24---([172.16.0.1]left[10.0.0.10])---([10.0.0.1]router)---\
#                                                                       |
# rightsubnet                                                           |
# 192.168.0.0/24--([192.168.0.1]right[10.12.12.10])---([10.12.12.1]router)-/
#
#conn sample
#   # Left security gateway, subnet behind it, next hop toward right.
#   left=10.0.0.10
#   leftnexthop=10.0.0.1
#   leftsubnet=172.16.0.0/24
#   # Right security gateway, subnet behind it, next hop toward left.
#   right=10.12.12.10
#   rightnexthop=10.12.12.1
#   rightsubnet=192.168.0.0/24
#   # To initiate this connection automatically at startup,
#   # uncomment this:
#   #auto=start

# Configuration supporting multiple users with any type of
# IPsec/L2TP client. This includes the updated Windows 2000/XP
# (MS KB Q818043), Vista and Mac OS X 10.3+ but excludes the
# non-updated Windows 2000/XP.
#
# Authenticates through a Pre-Shared Key. Supports clients that
# are not behind NAT. Does not support clients that are behind NAT.

conn L2TP-PSK
        #
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        #
        # --
        # The VPN server.
        #
        # Allow incoming connections on the external network interface.
        # If you want to use a different interface or if there is no
        # defaultroute, you can use:   left=your.ip.addr.ess
        #
        left=%defaultroute
        #
        leftprotoport=17/1701
        # If you insist on supporting non-updated Windows clients,
        # you can use:   leftprotoport=17/%any
        #
        # --
        # The remote user(s).
        #
        # Allow incoming connections only from this IP address.
        #right=234.234.234.234
        # If you want to allow multiple connections from any IP address,
        # you can use:   right=%any
        #
        rightprotoport=17/%any
        #
        # --
        # Change 'ignore' to 'add' to enable this configuration.
        #
        auto=add
        left=1.2.3.4
        rightsubnet=vhost:%no,%priv

**ipsec.secrets**

# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
: RSA   {
# -- Create your own RSA key with "ipsec rsasigkey"
}
# do not change the indenting of that "}"

#
# Sample /etc/ipsec.secrets file
# The Openswan server has an IP address of 123.123.123.123
#
# Preshared Keys for two clients with fixed IP addresses:

#123.123.123.123 234.234.234.234: PSK "keyforoneclient"
#123.123.123.123 111.222.111.222: PSK "keyforanotherclient"

# Preshared Key f
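As an added example (not part of the thread, and not Openswan's or LEAF's own code): a small Python linter, meant to be run on a workstation against copies of the two files above rather than on the router itself. It parses an Openswan-style ipsec.conf, applies conn %default to each conn, checks that every authby=secret conn has both left= and right= set and that ipsec.secrets contains at least one uncommented PSK entry, and pulls the "no connection has been authorized" rejections out of pluto log lines so they can be counted or alerted on. The sample config, secrets and log lines embedded in it are constructed from what the post quotes; indentation is ignored so the config still parses when leading whitespace was lost, and a key set twice in one conn is reported with the last value kept (that is this linter's own rule, not a claim about how Openswan's parser resolves it).

```python
# Added example for this thread (not Openswan's or LEAF's code): lint an
# Openswan-style ipsec.conf / ipsec.secrets pair for the PSK problems behind
# "no connection has been authorized with policy=PSK", and extract those
# rejections from pluto log lines.
import re
from collections import OrderedDict

# Constructed sample: a condensed copy of the ipsec.conf quoted in the post,
# with its leading whitespace lost exactly as in the archive.
SAMPLE_CONF = """\
config setup
interfaces=%defaultroute
nat_traversal=yes

conn %default
keyingtries=0
authby=secret
auto=add

conn L2TP-PSK
authby=secret
keyingtries=3
left=%defaultroute
leftprotoport=17/1701
#right=234.234.234.234
rightprotoport=17/%any
auto=add
left=1.2.3.4
rightsubnet=vhost:%no,%priv 
"""

# Constructed sample ipsec.secrets: only commented-out PSK entries, as quoted.
SAMPLE_SECRETS = """\
: RSA   {
# -- Create your own RSA key with "ipsec rsasigkey"
}
#123.123.123.123 234.234.234.234: PSK "keyforoneclient"
"""

# Constructed sample log lines, taken from the post.
SAMPLE_LOG = [
    "ignoring Vendor ID payload [FRAGMENTATION]",
    "initial Main Mode message received on 1.2.3.4:500 but no connection "
    "has been authorized with policy=PSK",
]

SECTION_RE = re.compile(r"^(config\s+setup|conn\s+\S+)\s*$")
KV_RE = re.compile(r"^([A-Za-z_]+)\s*=\s*(.*?)\s*$")
REJECT_RE = re.compile(
    r"received on (\S+) but no connection has been authorized with policy=(\S+)")


def parse_ipsec_conf(text):
    """Return ({section: {key: value}}, [(section, key) set more than once]).

    Sections are 'setup', '%default' and each conn name. Indentation is
    ignored, so a config whose leading whitespace was lost still parses.
    A repeated key keeps its last value (this linter's rule; it is reported).
    """
    sections, duplicates, name, current = OrderedDict(), [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).split(None, 1)[1]   # 'setup' or the conn name
            current = sections.setdefault(name, {})
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2)
            if key in current:
                duplicates.append((name, key))
            current[key] = value
    return sections, duplicates


def effective_conns(sections):
    """Apply 'conn %default' to every real conn, as Openswan does."""
    defaults, conns = sections.get("%default", {}), {}
    for name, values in sections.items():
        if name not in ("setup", "%default"):
            merged = dict(defaults)
            merged.update(values)
            conns[name] = merged
    return conns


def active_psk_lines(secrets_text):
    """Uncommented PSK entries in ipsec.secrets (the sample above has none)."""
    return [l.strip() for l in secrets_text.splitlines()
            if not l.lstrip().startswith("#") and re.search(r":\s*PSK\s", l)]


def lint(conf_text, secrets_text):
    """Human-readable findings about the PSK setup in the two files."""
    sections, duplicates = parse_ipsec_conf(conf_text)
    findings = ["duplicate key %r in conn %s; last value kept" % (k, s)
                for s, k in duplicates]
    conns = effective_conns(sections)
    psk_conns = [n for n, c in conns.items() if c.get("authby") == "secret"]
    for n in psk_conns:
        for side in ("left", "right"):
            if side not in conns[n]:
                findings.append("conn %s uses authby=secret but sets no %s="
                                % (n, side))
    if psk_conns and not active_psk_lines(secrets_text):
        findings.append("authby=secret is used but ipsec.secrets has no "
                        "uncommented PSK line")
    return findings


def rejected_proposals(log_lines):
    """(local endpoint, policy) for each pluto 'no connection has been
    authorized' line; Vendor ID notices and other lines are ignored."""
    return [m.groups() for m in map(REJECT_RE.search, log_lines) if m]


if __name__ == "__main__":
    for f in lint(SAMPLE_CONF, SAMPLE_SECRETS):
        print("finding:", f)
    for endpoint, policy in rejected_proposals(SAMPLE_LOG):
        print("rejected IKE proposal on %s (policy=%s)" % (endpoint, policy))
```

Run as-is it reports the three findings a reviewer would raise on the quoted files (left= set twice, no right= on the PSK conn, no live PSK entry in ipsec.secrets) and lists the rejected IKE proposal from the log; point `lint()` at your own file contents to check a real pair.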

[leaf-user] IPSec errors, kernel/userland version mismatch?

2007-03-30 Thread James Neave
Hi,

I've been asked to add VPN capabilities to our router here at work.
It's currently Bering-uClibc 2.3.1.

I keep getting this error in the /var/secure log when starting up or
connecting to the VPN:

Connecting:
ERROR: "L2TP-PSK"[2] 5.6.7.8 #3: pfkey write() of SADB_ADD message 5 for Add SA [EMAIL PROTECTED] failed. Errno 22: Invalid argument

Starting the service:
ipsec_setup: /usr/lib/ipsec/eroute: pfkey write failed, returning -1 with errno=22.
ipsec_setup: Invalid argument, check kernel log messages for specifics.

All I can find with Google is that this suggests a kernel
module/userland tools version mismatch.

gateway# uname -r
2.4.31
gateway# ipsec --version
Linux Openswan U2.4.5/K1.0.9 (klips)
See `ipsec --copyright' for copyright information.

Erm, I *guess* that's a version mismatch. If it is, where can I grab
ipsec.lrp version 2.4.31?

Or is the version of the kernel not the same as the version of its
modules?

Regards,

James.

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/