Waseem Ahammed
asked on
Error : 029 "L2TP-PSK-noNAT": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Hello,
I have been trying to install Openswan on Ubuntu, but I keep getting the following error,
029 "L2TP-PSK-noNAT": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
This is my ipsec.conf file
--------------------------
config setup
    dumpdir=/var/run/pluto/
    #in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
    nat_traversal=yes
    #whether to accept/offer to support NAT (NAPT, also known as "IP Masquerade") workaround for IPsec
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v6:fd00::/8,%v6:fe80::/10
    #contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.
    protostack=netkey
    #decide which protocol stack is going to be used.
    force_keepalive=yes
    keep_alive=60
    # Send a keep-alive packet every 60 seconds.

conn L2TP-PSK-noNAT
    authby=secret
    #shared secret. Use rsasig for certificates.
    pfs=no
    #Disable pfs
    auto=add
    #the ipsec tunnel should be started and routes created when the ipsec daemon itself starts.
    keyingtries=3
    #Only negotiate a conn. 3 times.
    ikelifetime=8h
    keylife=1h
    ike=aes256-sha1,aes128-sha1,3des-sha1
    phase2alg=aes256-sha1,aes128-sha1,3des-sha1
    # https://lists.openswan.org/pipermail/users/2014-April/022947.html
    # specifies the phase 1 encryption scheme, the hashing algorithm, and the Diffie-Hellman group. The modp1024 is for Diffie-Hellman 2. Why 'modp' instead of dh? DH2 is a 1028 bit encryption algorithm that modulo's a prime number, e.g. modp1028. See RFC 5114 for details or the wiki page on Diffie-Hellman, if interested.
--------------------------
and ipsec.secrets file
129.144.145.202 %any: PSK "45c02226d0acb4ca9a7b14bed8c82a99b370439b52ea65fd4bd5bbbd29a2"
--------------------------
Please help
Please see the IPSec.conf example at sourceforge link http://leaf.sourceforge.net/doc/bucu-openswan.html