[Openswan Users] Openswan and V-IPSecure

JT Edwards tstrike34 at gmail.com
Wed Sep 2 10:23:56 EDT 2009


OK, I made the switch and this is what I am getting:

Sep  2 09:15:44 wizbang pluto[18118]: packet from 12.234.22.224:500: ignoring unknown Vendor ID payload [810fa565f8ab14369105d706fbd57279]
Sep  2 09:15:44 wizbang pluto[18118]: packet from 12.234.22.224:500: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: responding to Main Mode from unknown peer 12.234.22.224
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: ignoring Vendor ID payload [KAME/racoon]
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:16:14 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'


conn ait-to-home
        # Configuration for one user with any type of IPsec/L2TP client
        # including the updated Windows 2000/XP (MS KB Q818043), but
        # excluding the non-updated Windows 2000/XP.
        #
        #
        # Use a certificate. Disable Perfect Forward Secrecy.
        #
        authby=rsasig
        pfs=no
        auto=add
        # we cannot rekey for %any, let client rekey
        rekey=no
        # Set ikelifetime and keylife to same defaults windows has
        ikelifetime=8h
        keylife=1h
        # l2tp-over-ipsec is transport mode
        # See http://bugs.xelerance.com/view.php?id=466
        type=transport
        #
        left=22.34.33.26
        leftid=@wizbang.me.org
        leftrsasigkey=%cert
        leftcert=/etc/ipsec.d/certs/aittorden.pem
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=%any
        rightca=%same
        rightid=@chipper.dyndns.org
        rightrsasigkey=%cert
        # Using the magic port of "0" means "any one single port". This is
        # a work around required for Apple OSX clients that use a randomly
        # high port, but propose "0" instead of their port. If that does
        # not work, try 17/%any (or fall back to 17/1701 for just Windows
        # clients.
        rightprotoport=17/0
        rightsubnet=vhost:%priv,%no



JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com

--------------------------------------------------
From: "Erich Titl" <erich.titl at think.ch>
Sent: Wednesday, September 02, 2009 10:16 AM
To: "JT Edwards" <tstrike34 at gmail.com>
Subject: Re: [Openswan Users] Openswan and V-IPSecure

> Hi
>
> JT Edwards wrote:
>> Ok will do.... going to change it back and THANK You so much.... By the
>> way.... I have accepted your digital ID .... I really need to set up
>> mine as well  (been so  busy)
>
> Let me (and the group) know how you (hopefully) get it working
>
>>
>> If you have any questions about IBM stuff let me know...
>
> :-)
>
> Erich
> 


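As an added example (not code from the original post, from Openswan, or from the V-IPSecure vendor), here is a small Python parser that reads pluto syslog lines like the ones quoted above and reconstructs what happened to ISAKMP SA #1: which Main Mode states the responder reached, which Vendor IDs it saw (the KAME/racoon one pluto recognised, and the two hex ones it did not), the ID the peer asserted in MI3, and how many times pluto found no conn for that ID and answered with INVALID_ID_INFORMATION while the peer retried. The embedded sample log is a constructed copy of the lines in the post with the extraction line wraps rejoined; the function and field names are my own.

```python
# Added example: parse Openswan/pluto IKEv1 Main Mode syslog lines and
# summarise each ISAKMP SA. Not part of Openswan or the original post.
import re
from collections import Counter, defaultdict

HEADER_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
                       r"(?P<host>\S+) pluto\[(?P<pid>\d+)\]: (?P<rest>.*)$")
# "conn"[instance] peer-ip #sa: message   (once a conn instance exists)
CONN_RE = re.compile(r'^"(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
# packet from peer-ip:port: message      (before any conn instance is chosen)
PACKET_RE = re.compile(r"^packet from (?P<peer>[^:]+):\d+: (?P<msg>.*)$")
TRANSITION_RE = re.compile(r"transition from state (\S+) to state (\S+)")
PEER_ID_RE = re.compile(r"Main mode peer ID is (?P<type>\S+): '(?P<id>[^']*)'")
NO_CONN_RE = re.compile(r"no suitable connection for peer '")
NOTIFY_RE = re.compile(r"sending (?:encrypted )?notification (?P<notify>\S+) to ")
UNKNOWN_VID_RE = re.compile(r"ignoring unknown Vendor ID payload \[([0-9a-f]+)\]")
KNOWN_VID_RE = re.compile(r"ignoring Vendor ID payload \[([^\]]+)\]")

# Constructed sample: the pluto lines from the post above, line wraps rejoined.
SAMPLE_LOG = """\
Sep  2 09:15:44 wizbang pluto[18118]: packet from 12.234.22.224:500: ignoring unknown Vendor ID payload [810fa565f8ab14369105d706fbd57279]
Sep  2 09:15:44 wizbang pluto[18118]: packet from 12.234.22.224:500: ignoring unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: ignoring Vendor ID payload [KAME/racoon]
Sep  2 09:15:44 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:45 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:54 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:15:55 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: Main mode peer ID is ID_FQDN: '@chipper.dyndns.org'
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: no suitable connection for peer '@chipper.dyndns.org'
Sep  2 09:16:05 wizbang pluto[18118]: "ait-to-home"[1] 12.234.22.224 #1: sending encrypted notification INVALID_ID_INFORMATION to 12.234.22.224:500
"""


def parse_line(line):
    """Split one pluto syslog line into fields; None if it is not pluto output."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
           "conn": None, "sa": None, "peer": None, "msg": m["rest"]}
    c, p = CONN_RE.match(m["rest"]), PACKET_RE.match(m["rest"])
    if c:
        rec.update(conn=c["conn"], sa=int(c["sa"]), peer=c["peer"], msg=c["msg"])
    elif p:
        rec.update(peer=p["peer"], msg=p["msg"])
    return rec


def analyze(lines):
    """Walk the log once; return the Vendor IDs seen and a per-SA summary."""
    out = {"unknown_vendor_ids": [], "known_vendor_ids": [],
           "sas": defaultdict(lambda: {"conn": None, "peer": None, "states": [],
                                        "peer_id_type": None, "peer_id": None,
                                        "no_conn_for_id": 0, "notifications": Counter()})}
    for rec in filter(None, map(parse_line, lines)):
        msg = rec["msg"]
        u, k = UNKNOWN_VID_RE.search(msg), KNOWN_VID_RE.search(msg)
        if u:
            out["unknown_vendor_ids"].append(u.group(1))
        elif k:
            out["known_vendor_ids"].append(k.group(1))
        if rec["sa"] is None:
            continue  # "packet from" lines carry no SA number yet
        sa = out["sas"][rec["sa"]]
        sa["conn"], sa["peer"] = rec["conn"], rec["peer"]
        t, i, n = TRANSITION_RE.search(msg), PEER_ID_RE.search(msg), NOTIFY_RE.search(msg)
        if t:
            if not sa["states"]:
                sa["states"].append(t.group(1))  # record the starting state once
            sa["states"].append(t.group(2))
        elif i:
            sa["peer_id_type"], sa["peer_id"] = i["type"], i["id"]
        elif NO_CONN_RE.search(msg):
            sa["no_conn_for_id"] += 1
        elif n:
            sa["notifications"][n["notify"]] += 1
    out["sas"] = dict(out["sas"])
    return out


def diagnose(sa):
    """Read one SA summary and say where Main Mode stopped."""
    path = " -> ".join(sa["states"])
    hits = sa["notifications"].get("INVALID_ID_INFORMATION", 0)
    if sa["no_conn_for_id"] and hits:
        return (f"Main Mode reached the ID exchange ({path}) but the peer's asserted "
                f"{sa['peer_id_type']} {sa['peer_id']!r} matched no conn on this responder; "
                f"INVALID_ID_INFORMATION sent {hits} time(s) as the peer retried. "
                f"Compare this ID with the conn's rightid.")
    if "STATE_MAIN_R3" in sa["states"]:
        return f"Main Mode completed ({path})."
    return f"Main Mode incomplete ({path}); no ID mismatch recorded."
```

Run it as `python3 pluto_summary.py` after adding a call such as `print(diagnose(analyze(SAMPLE_LOG.splitlines())["sas"][1]))`, or point `analyze()` at `open("/var/log/secure")` to read a live file. Non-pluto lines are skipped, and a line pluto emits before it has picked a conn instance ("packet from ...") is kept for its Vendor ID but not attached to any SA.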