Hello,<br>I'm a new user of openswan.<br>I try to set up a connexion between openswan (Linux Openswan U2.4.7/K2.6.18-1.2798.fc6 (netkey)) and a Juniper ns208.<br>When i try to setup the link i have the folowing messages. <br>
<br>=====================================================================<br>[root@lt85 ~]# ipsec auto --verbose --up lt85_to_centre<br>002 "lt85_to_centre" #11: initiating Main Mode<br>104 "lt85_to_centre" #11: STATE_MAIN_I1: initiate
<br>003 "lt85_to_centre" #11: ignoring unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]<br>003 "lt85_to_centre" #11: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
<br>003 "lt85_to_centre" #11: received Vendor ID payload [Dead Peer Detection]<br>003 "lt85_to_centre" #11: ignoring Vendor ID payload [HeartBeat Notify 386b0100]<br>002 "lt85_to_centre" #11: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03
<br>002 "lt85_to_centre" #11: discarding packet received during asynchronous work (DNS or crypto) in STATE_MAIN_I1<br>002 "lt85_to_centre" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
<br>106 "lt85_to_centre" #11: STATE_MAIN_I2: sent MI2, expecting MR2<br>003 "lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I2<br>002 "lt85_to_centre" #11: I did not send a certificate because I do not have one.
<br>003 "lt85_to_centre" #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected<br>002 "lt85_to_centre" #11: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>108 "lt85_to_centre" #11: STATE_MAIN_I3: sent MI3, expecting MR3
<br>003 "lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I3<br>002 "lt85_to_centre" #11: Main mode peer ID is ID_IPV4_ADDR: '194.250.x.x'<br>002 "lt85_to_centre" #11: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
<br>004 "lt85_to_centre" #11: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<br>002 "lt85_to_centre" #12: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#11}
<br>117 "lt85_to_centre" #12: STATE_QUICK_I1: initiate<br>002 "lt85_to_centre" #12: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
<br>=====================================================================<br>IPsec SA established ?!<br><br>A made a test by sending a ping to the 194.250.x.x.<br>A tcpdump shows the following (no ESP msg):<br><br>=====================================================================
<br>[root@lt85 ~]# tcpdump host 194.250.x.x<br>19:48:37.441373 IP lt85.xxx.xxx > 194.250.x.x : ICMP echo request, id 1024, seq 55960, length 24<br>=====================================================================<br>
<br>Any help is appreciated.<br>Thanks a lot.<br><br>-- <br>Didine