<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:x =
"urn:schemas-microsoft-com:office:excel" xmlns:p =
"urn:schemas-microsoft-com:office:powerpoint" xmlns:a =
"urn:schemas-microsoft-com:office:access" xmlns:dt =
"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s =
"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs =
"urn:schemas-microsoft-com:rowset" xmlns:z = "#RowsetSchema" xmlns:b =
"urn:schemas-microsoft-com:office:publisher" xmlns:ss =
"urn:schemas-microsoft-com:office:spreadsheet" xmlns:c =
"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa =
"urn:schemas-microsoft-com:office:activation" xmlns:html =
"http://www.w3.org/TR/REC-html40" xmlns:q =
"http://schemas.xmlsoap.org/soap/envelope/" XMLNS:D = "DAV:" xmlns:x2 =
"http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois =
"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir =
"http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds =
"http://www.w3.org/2000/09/xmldsig#" xmlns:dsp =
"http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc =
"http://schemas.microsoft.com/data/udc" xmlns:xsd =
"http://www.w3.org/2001/XMLSchema" xmlns:sub =
"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec =
"http://www.w3.org/2001/04/xmlenc#" xmlns:sp =
"http://schemas.microsoft.com/sharepoint/" xmlns:sps =
"http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi =
"http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf =
"http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf =
"http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver =
"http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels =
"http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t =
"http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m =
"http://schemas.microsoft.com/exchange/services/2006/messages"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
        BEHAVIOR: url(#default#VML)
}
o\:* {
        BEHAVIOR: url(#default#VML)
}
w\:* {
        BEHAVIOR: url(#default#VML)
}
.shape {
        BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]-->
<STYLE>@font-face {
        font-family: Cambria Math;
}
@font-face {
        font-family: Calibri;
}
@font-face {
        font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
PRE {
        FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Courier New"; mso-style-priority: 99; mso-style-link: "HTML Preformatted Char"
}
SPAN.HTMLPreformattedChar {
        FONT-FAMILY: "Courier New"; mso-style-priority: 99; mso-style-link: "HTML Preformatted"; mso-style-name: "HTML Preformatted Char"
}
SPAN.EmailStyle19 {
        COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal
}
SPAN.EmailStyle20 {
        COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal
}
SPAN.EmailStyle21 {
        COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
.MsoChpDefault {
        FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
        page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Firewall was merely a place to check, not guaranteed to be
the problem.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>If you can get a console on your Ubuntu, you can check
firewall with...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>iptables -t filter -L -n -v</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>iptables -t nat -L -n -v</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>iptables -t mangle -L -n -v</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Are you connecting through the internet, or are you testing
internally?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Do both the Ubuntu server and linksys router have public
internet ip addresses?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>(Not 172.16...172.32... or 10... or 192.168...,
etc...)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>I cannot tell as you completely edited them from your
posts.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Next time try just masking the end like:
66.11.x.x</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Testing internally sometimes needs different settings than
production internet.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial 
color=#0000ff size=2>Is linksys using DES or 3DES? Should be 3DES &amp; MD5 
matching your openswan.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=510423316-14032008><FONT face=Arial
color=#0000ff size=2>Can you show us your linksys ipsec
configuration?</FONT></SPAN></DIV></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
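<DIV dir=ltr align=left>Added example, not part of the original messages and not Openswan code: a small Python triage script that maps the pluto and Linksys log messages quoted in this thread to the checks suggested in the replies. The sample log is constructed (peer address replaced with the documentation address 203.0.113.7), and the rule names and hint texts are this example's own assumptions.</DIV>
<PRE>
```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: log lines of the kind quoted in this thread, with the
# peer address replaced by 203.0.113.7. The last line is from the Linksys side.
SAMPLE_LOG = """\
Mar 13 15:31:54 gatekeeper pluto[11850]: packet from 203.0.113.7:500: received Vendor ID payload [RFC 3947] meth=110, but port floating is off
Mar 13 15:31:54 gatekeeper pluto[11850]: "pax_square"[1] 203.0.113.7 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Mar 13 15:31:54 gatekeeper pluto[11850]: "pax_square"[1] 203.0.113.7 #1: no acceptable Oakley Transform
Mar 13 15:31:54 gatekeeper pluto[11850]: "pax_square"[1] 203.0.113.7 #1: sending notification NO_PROPOSAL_CHOSEN to 203.0.113.7:500
Mar 13 16:01:48 gatekeeper pluto[11850]: "pax_square"[5] 203.0.113.7 #9: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 13 16:02:28 gatekeeper pluto[11850]: "pax_square"[5] 203.0.113.7 #7: max number of retransmissions (2) reached STATE_MAIN_R1
Mar 14 09:34:44 - [VPN Log]: "pax_square" #2: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
"""

# (code, pattern, what to check). Codes and hints are this example's wording,
# based on the replies in the thread and on general IKEv1 Main Mode behaviour.
RULES = [
    ("DH_GROUP_REJECTED", r"only OAKLEY_GROUP_\w+ and OAKLEY_GROUP_\w+ supported",
     "peer proposed a DH group pluto refuses; set the peer to the group in ike=...-modpNNNN"),
    ("NO_PROPOSAL", r"no acceptable Oakley Transform|NO_PROPOSAL_CHOSEN",
     "phase 1 proposal mismatch: compare cipher, hash and DH group on both ends"),
    ("NATT_OFFERED_BUT_OFF", r"but port floating is off",
     "peer offers NAT-T but it is disabled locally; relevant if either end is behind NAT"),
    ("RESPONDER_TIMEOUT", r"max number of retransmissions \(\d+\) reached STATE_MAIN_R1",
     "we answered but the peer's next message never arrived; check udp/500 both ways"),
    ("INITIATOR_TIMEOUT", r"max number of retransmissions \(\d+\) reached STATE_MAIN_I1",
     "no reply to the first IKE message; check udp/500 to the responder and back"),
]
TS = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)")   # syslog-style timestamp, no year
CONN = re.compile(r'"([^"]+)"')                        # connection name in double quotes


def triage(log_text, year=2008):
    """Group matches by (connection, code), in first-seen order.

    Each value holds the hit count, first and last timestamp, and the hint.
    The logs carry no year, so one is supplied (2008 is when the thread ran).
    """
    findings = OrderedDict()
    for line in log_text.splitlines():
        ts = TS.match(line)
        if not ts:
            continue  # wrapped continuation or unrelated line
        when = datetime.strptime("%d %s" % (year, ts.group(1)), "%Y %b %d %H:%M:%S")
        conn = CONN.search(line)
        name = conn.group(1) if conn else "(no connection yet)"
        for code, pattern, hint in RULES:
            if re.search(pattern, line):
                entry = findings.setdefault(
                    (name, code),
                    {"count": 0, "first": when, "last": when, "hint": hint})
                entry["count"] += 1
                entry["first"] = min(entry["first"], when)
                entry["last"] = max(entry["last"], when)
    return findings


def current_blocker(findings, name):
    """Return the code seen most recently for a connection, or None.

    Earlier failures (such as a rejected DH group) may already be fixed, so
    the latest one is the place to look first.
    """
    mine = [(v["last"], code) for (conn, code), v in findings.items() if conn == name]
    return max(mine)[1] if mine else None


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (conn, code), info in result.items():
        print("%-20s %-22s x%d  last %s" % (conn, code, info["count"], info["last"]))
        print("    check: " + info["hint"])
    print("still failing on:", current_blocker(result, "pax_square"))
```
</PRE>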
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Chris
Thomas<BR><B>Sent:</B> March 14, 2008 12:19 PM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> Re: [Openswan Users] Getting
there....<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">OK, I have hit a brick wall
here and it’s getting a bit frustrating. I have disabled the Linux
firewall and the Shoreline firewall on my server and I’m still getting the
same error below when I attempt to establish the tunnel. Is this
absolutely positively due to a firewall issue or is it possible that I’ve got
something else incorrectly configured somewhere? I am fairly new to
Linux so I am administering my Ubuntu server with Webmin. That is what I
am using to verify that the firewall(s) are turned off.
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">I have also disabled the 
firewall on the Linksys box and have examined its logs.  This is what 
shows up after I hit “connect” to initiate the tunnel:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 09:33:34 - [VPN Log]:
"pax_square" #2: initiating Main Mode<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 09:33:43 - [VPN Log]:
initiate on demand from 192.168.36.100:0 to 192.168.0.30:0 proto=0 state:
fos_start because: acquire<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 09:34:44 - [VPN Log]:
"pax_square" #2: max number of retransmissions (2) reached STATE_MAIN_I1. No
response (or no acceptable response) to our first IKE
message<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 10:08:54 - [VPN Log]:
"pax_square" #3: initiating Main Mode<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 10:10:04 - [VPN Log]:
"pax_square" #3: max number of retransmissions (2) reached STATE_MAIN_I1. No
response (or no acceptable response) to our first IKE
message<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 10:53:58 - [VPN Log]:
"pax_square" #4: initiating Main Mode<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 14 10:55:08 - [VPN Log]:
"pax_square" #4: max number of retransmissions (2) reached STATE_MAIN_I1. No
response (or no acceptable response) to our first IKE
message<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">If it helps, this is my
ipsec.conf file on the Ubuntu server running OpenSwan:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<PRE>version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces=%defaultroute
        uniqueids=yes

include /etc/ipsec.d/examples/no_oe.conf

conn pax_square
        also=central-site
        right=%any
        rightid=@pax_square
        rightsubnet=192.168.36.0/24
        also=linksys-policy
        auto=add

conn central-site
        left=(external IP of Linux server)
        leftsubnet=192.168.0.0/24
        leftsourceip=192.168.0.20

conn linksys-policy
        ike=3des-md5-modp1024
        esp=3des-md5
        compress=no
        authby=secret
</PRE>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>If it’s definitely the firewall, I’ll go back to the
drawing board and see what I can see.<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>As before, I appreciate the help and
patience.<o:p></o:p></P>
<P class=MsoNormal>Thanks<o:p></o:p></P>
<P class=MsoNormal>-Chris<o:p></o:p></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Thursday, March 13, 2008 4:14
PM<BR><B>To:</B> Chris Thomas; users@openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Getting there....<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Check
your firewall(s) on both ends, and check the linksys logs.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">You
must allow ipsec (and ipsec encapsulated traffic) in your
firewalls.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<PRE><SPAN style="COLOR: blue">protocol  port  description
17        500   udp:isakmp
50              esp</SPAN></PRE>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">You
must allow the above inbound and outbound on your internet
interfaces.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">You
must also allow the subnet-to-subnet traffic.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Peter
McGill</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; MARGIN: 5pt 0in 5pt 3.75pt; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p> </o:p></SPAN></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'">
<HR align=center width="100%" SIZE=2>
</SPAN></DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
users-bounces@openswan.org [mailto:users-bounces@openswan.org] <B>On Behalf
Of </B>Chris Thomas<BR><B>Sent:</B> March 13, 2008 4:06 PM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> Re: [Openswan Users] Getting
there....</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal>OK, I changed my Linksys box to 1024 bit and I now have
this:<o:p></o:p></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: ignoring unknown
Vendor ID payload [4f4540454371496d7a684644]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: received Vendor
ID payload [Dead Peer Detection]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: received Vendor
ID payload [RFC 3947] meth=110, but port floating is
off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is
off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is
off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: packet from (remote site IP):500: ignoring Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: "pax_square"[5] (remote site IP) #9: responding to
Main Mode from unknown peer (remote site IP)<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: "pax_square"[5] (remote site IP) #9: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:01:48
gatekeeper pluto[11850]: "pax_square"[5] (remote site IP) #9: STATE_MAIN_R1:
sent MR1, expecting MI2<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Mar 13 16:02:28
gatekeeper pluto[11850]: "pax_square"[5] (remote site IP) #7: max number of
retransmissions (2) reached STATE_MAIN_R1<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Thanks<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">-Chris<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="COLOR: #1f497d"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Thursday, March 13, 2008 3:50
PM<BR><B>To:</B> Chris Thomas; users@openswan.org<BR><B>Subject:</B> RE:
[Openswan Users] Getting there....<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">There
is a mismatch in your options, specifically your DH/modp Group.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Diffie-Hellman
(DH) Group needs to match openswan's ike=*-modp????</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN 
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">I'm 
guessing that your linksys is sending Diffie-Hellman (DH) Group 1 
(768-bit).</SPAN><SPAN 
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">Openswan
will not allow this because it's too weak of security.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">If
you have ike=3des-md5-modp1024 or ike=aes-sha1-modp1024 as I
suggested,</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Arial','sans-serif'">then
change your linksys to use Group 2 (1024-bit) to match it.</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial','sans-serif'">Peter
McGill</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"> <o:p></o:p></SPAN></P></DIV>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; MARGIN: 5pt 0in 5pt 3.75pt; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<P class=MsoNormal><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p> </o:p></SPAN></P>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'">
<HR align=center width="100%" SIZE=2>
</SPAN></DIV>
<P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
users-bounces@openswan.org [mailto:users-bounces@openswan.org] <B>On
Behalf Of </B>Chris Thomas<BR><B>Sent:</B> March 13, 2008 3:40
PM<BR><B>To:</B> users@openswan.org<BR><B>Subject:</B> [Openswan Users]
Getting there....</SPAN><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman','serif'"><o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Hello again,
everyone. I have configured my Linksys box to connect to my Ubuntu
server running OpenSwan, but when I attempt to initiate the connection, my
logs on the server at HQ get full of this stuff:<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
ignoring unknown Vendor ID payload
[4f4540454371496d7a684644]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
received Vendor ID payload [RFC 3947] meth=110, but port floating is
off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
port floating is off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
port floating is off<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: packet from (remote site external IP):500:
ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: "pax_square"[1] (remote site external IP) #1:
responding to Main Mode from unknown peer (remote site external
IP)<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: "pax_square"[1] (remote site external IP) #1:
only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.
Attribute OAKLEY_GROUP_DESCRIPTION<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: "pax_square"[1] (remote site external IP) #1: no
acceptable Oakley Transform<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: "pax_square"[1] (remote site external IP) #1:
sending notification NO_PROPOSAL_CHOSEN to (remote site external
IP):500<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">Mar 13 15:31:54
gatekeeper pluto[11850]: "pax_square"[1] (remote site external IP):
deleting connection "pax_square" instance with peer (remote site external
IP) {isakmp=#0/ipsec=#0}<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">I am assuming that it has
something to do with the Preshared key that I am using, but I am not too
sure how to go about fixing it. I do not want to be a nuisance, but
can anyone give me a (another) push in the right direction?
<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-SIZE: 10pt">I appreciate your
patience.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt">-Chris</SPAN><o:p></o:p></P></BLOCKQUOTE></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML>