<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.E-mailStijl17
{mso-style-type:personal-compose;
font-family:Tahoma;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Hello Openswan Users,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>I am trying to configure openswan for a vpn with a
Netopia router in aggressive mode. I use aggressive mode (I know it is not so
safe!), because I have a lot of Netopia routers, and with a Netopia router it
is not possible to define a left id and right id in main mode (it will use
default the external address). All my Netopia routers have a dynamic ip
address. Also define a dyndns account is not possible on the Netopia.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>When I use main mode with 1 Netopia router, the vpn
is working perfect. When I use more than 1 Netopia router, I can’t build
up the two tunnels.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>In log files I have this:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: Aggressive mode peer ID is ID_FQDN:
'@netopia.ipsec'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: responding to Aggressive Mode, state
#1, connection "openswan" from 80.201.162.93<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: transition from state STATE_AGGR_R0
to state STATE_AGGR_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: STATE_AGGR_R1: sent AR1, expecting
AI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: packet rejected: should have been
encrypted<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: sending notification INVALID_FLAGS to
80.201.162.93:500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: next payload type of ISAKMP Hash
Payload has an unknown value: 56<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: malformed payload in packet<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:22 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: sending notification
PAYLOAD_MALFORMED to 80.201.162.93:500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:24 axsweb pluto[30079]: "openswan"[1]
80.201.162.93 #1: Quick Mode message is unacceptable because it is for an
incomplete ISAKMP SA<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:24 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: sending notification
PAYLOAD_MALFORMED to 80.201.162.93:500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:40 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: Quick Mode message is unacceptable
because it is for an incomplete ISAKMP SA<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:40 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: sending notification
PAYLOAD_MALFORMED to 80.201.162.93:500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:55 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: Quick Mode message is unacceptable
because it is for an incomplete ISAKMP SA<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:48:55 axsweb pluto[30079]:
"openswan"[1] 80.201.162.93 #1: sending notification
PAYLOAD_MALFORMED to 80.201.162.93:500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>My ipsec.conf file looks like this:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>conn openswan<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
left="62.166.214.114"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
leftsubnet="192.168.123.0/255.255.255.0"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
leftnexthop="62.166.214.113"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
leftid="@openswan.ipsec"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
right="0.0.0.0"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'> rightsubnet="10.0.0.0/255.255.255.0"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
rightid="@netopia.ipsec"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
auto="add"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
authby="secret"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
type="tunnel"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
keyexchange="ike"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
auth="esp"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
pfs="no"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
ike="3des-md5-modp1024"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
ikelifetime="28800"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
esp="3des-md5-96"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
keylife="3600"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
aggrmode="yes"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>
rekey="yes"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>My ipsec.secrets:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>@openswan.ipsec @netopia.ipsec: PSK
"PreSharedKey"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Whe I only remove the aggrmode=”yes” in
my ipsec.conf file and also change the settings on the Netopia from aggressive
mode to main=mode, the vpn tunnel builds up directly (this is the log file
below):<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: responding to Main Mode from unknown
peer 80.201.162.93<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: transition from state STATE_MAIN_R0
to state STATE_MAIN_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: STATE_MAIN_R1: sent MR1, expecting
MI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]: "openswan"[1]
80.201.162.93 #1: ignoring unknown Vendor ID payload
[3652d8cb0c2e66807ce8b6adf4a7a26c]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: transition from state STATE_MAIN_R1
to state STATE_MAIN_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: STATE_MAIN_R2: sent MR2, expecting
MI3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: Main mode peer ID is ID_IPV4_ADDR:
'0.0.0.0'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[1] 80.201.162.93 #1: switched from "openswan" to
"openswan"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #1: deleting connection
"openswan" instance with peer 80.201.162.93 {isakmp=#0/ipsec=#0}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]: "openswan"[2]
80.201.162.93 #1: I did not send a certificate because I do not have one.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #1: transition from state STATE_MAIN_R2
to state STATE_MAIN_R3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:21 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:22 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #2: responding to Quick Mode {msgid:1b7445e5}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:22 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #2: transition from state STATE_QUICK_R0
to state STATE_QUICK_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:22 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #2: STATE_QUICK_R1: sent QR1, inbound
IPsec SA installed, expecting QI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:22 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #2: transition from state STATE_QUICK_R1
to state STATE_QUICK_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Sep 24 09:58:22 axsweb pluto[32522]:
"openswan"[2] 80.201.162.93 #2: STATE_QUICK_R2: IPsec SA established
{ESP=>0x863d0c7a <0x50d8ba1b xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>If I run “ipsec auto --status” :<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 interface lo/lo 127.0.0.1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 interface eth0/eth0 62.166.214.114<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 interface eth1/eth1 192.168.123.1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 %myid = (none)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 debug none<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=2, name=ESP_DES,
ivlen=8, keysizemin=64, keysizemax=64<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=3, name=ESP_3DES,
ivlen=8, keysizemin=192, keysizemax=192<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH,
ivlen=8, keysizemin=40, keysizemax=448<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=11, name=ESP_NULL,
ivlen=0, keysizemin=0, keysizemax=0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=12, name=ESP_AES,
ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT,
ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH,
ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP auth attr: id=2,
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm ESP auth attr: id=251, name=(null),
keysizemin=0, keysizemax=0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE encrypt: id=5,
name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE encrypt: id=7,
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE hash: id=1, name=OAKLEY_MD5,
hashsize=16<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1,
hashsize=20<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
bits=8192<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 stats db_ops.c: {curr_cnt, total_cnt, maxsz}
:context={0,0,0} trans={0,0,0} attrs={0,0,0}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan":
192.168.123.0/24===62.166.214.114---62.166.214.113...%any===10.0.0.0/24;
unrouted; eroute owner: #0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan":
srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan": ike_life:
3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan": policy:
PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan": newest ISAKMP
SA: #0; newest IPsec SA: #0;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan": ESP algorithms
wanted: 3_000-1, flags=strict<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan": ESP algorithms
loaded: 3_000-1, flags=strict<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]:
192.168.123.0/24===62.166.214.114---62.166.214.113...80.201.162.93[0.0.0.0]===10.0.0.0/24;
erouted; eroute owner: #2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]:
srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: ike_life:
3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: policy:
PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: newest
ISAKMP SA: #1; newest IPsec SA: #2;<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: IKE
algorithm newest: 3DES_CBC_192-MD5-MODP1024<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: ESP
algorithms wanted: 3_000-1, flags=strict<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: ESP
algorithms loaded: 3_000-1, flags=strict<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 "openswan"[2]: ESP
algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<N/A><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 #2: "openswan"[2] 80.201.162.93:500
STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3132s; newest IPSEC;
eroute owner<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 #2: "openswan"[2] 80.201.162.93
esp.863d0c7a@80.201.162.93 esp.50d8ba1b@62.166.214.114 tun.0@80.201.162.93
tun.0@62.166.214.114<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>000 #1: "openswan"[2] 80.201.162.93:500
STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3131s;
newest ISAKMP; nodpd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'>Do I have to change something in the ipsec.conf I
use aggressive mode?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Tahoma><span lang=EN-US style='font-size:
10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p class=MsoNormal><st1:PersonName ProductID="Andy Van den Heede" w:st="on"><font
size=2 face=Tahoma><span lang=NL-BE style='font-size:10.0pt;font-family:Tahoma'>Andy
Van den Heede</span></font></st1:PersonName><font size=2 face=Tahoma><span
lang=NL-BE style='font-size:10.0pt;font-family:Tahoma'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
________________________________________________________________________<br>
Zin in een slipcursus? <br>
Kijk snel op http://www.axsweb.be<br>