I'm running Openswan U2.4.0/K2.6.12-10-amd64-generic on Ubuntu Breezy
and trying to connect to a Watchguard Firebox II with no success.
I have full access to the router and can make whatever changes are
necessary. The old Interoperating wiki for Watchguard seems quite
out of date, since many of the options on the original mailing post are
no longer valid. One caveat... I'm running this on my Linux box
which is behind my Zyxel Firewall. The Zywall has an option to
forward IPSEC requests for VPNs. This works fine using the
Watchguard Windows client MUVPN, but I'm trying to avoid running
Windows.<br>
<br>
<br>
Here's the error lists that I get on my Watchguard System Manager:<br>
<br>
>From <my remote ip> AG-HDR ISA_SA ISA_KE ISA_NONCE ISA_ID ISA_VENDORID<br>
Proposal is unacceptable: mess_id=0<br>
Sending NO_PROPOSAL_CHOSEN message<br>
Error processing (sa)<br>
Agresssive Mode processing failed<br>
Header invalid (unable to verify, msg = ISA_SA)<br>
<br>
following by "Skipping duplicate packet from <my remote ip>"<br>
<br>
<br>
And, here is the error I get from running "ipsec auto --up my_connection":<br>
003 "my_connection" #1: multiple transforms were set in aggressive mode. Only first one used.<br>
003 "my_connection" #1: transform (5,2,2,0) ignored.<br>
003 "my_connection" #1: multiple transforms were set in aggressive mode. Only first one used.<br>
003 "my_connection" #1: transform (5,2,2,0) ignored.<br>
112 "my_connection" #1: STATE_AGGR_I1: initiate<br>
010 "my_connection" #1: STATE_AGGR_I1: retransmission; will wait 20s for response<br>
<br>
<br>
Here's my ipsec.conf file:<br>
<br>
version 2.0 # conforms to second version of ipsec.conf specification<br>
<br>
# basic configuration<br>
config setup<br>
interfaces=%defaultroute<br>
klipsdebug=none<br>
plutodebug=none<br>
uniqueids=yes<br>
<br>
# Add connections here<br>
conn my_connection<br>
type=tunnel<br>
keyingtries=0<br>
authby=secret<br>
left=<a href="http://192.168.1.34"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.1.34" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.1.34</a>
(that is my IP behind my firewall)<br>
leftnexthop=%defaultroute<br>
leftid=<a href="mailto:jave27@gmail.com">jave27@gmail.com</a><br>
right=<my_server_ip><br>
rightsubnet=<a href="http://192.168.0.0/24"></b></font><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links are often malicious: 192.168.0.0/24</a><br>
rightid=@<a href="http://gmail.com">gmail.com</a><br>
aggrmode=yes<br>
auto=add<br>
ike=3des-sha1<br>
pfs=yes<br>
<br>
I've tried all sorts of combinations, adding other options, getting rid
of almost all of them, but nothing seems to work. Any tips or
pointers to the right direction would be spectacular. Thanks in
advance!<br>