<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello all!<br>
<br>
I'm getting the following log output:<br>
<br>
----- BEGIN LOG -----<br>
Aug 10 14:24:54 amon pluto[28433]: | *received 637 bytes from
&lt;roadwarrior-ip&gt;:500 on eth0 (port=500)<br>
Aug 10 14:24:54 amon pluto[28433]: | **parse ISAKMP Message:<br>
Aug 10 14:24:54 amon pluto[28433]: | initiator cookie:<br>
Aug 10 14:24:54 amon pluto[28433]: | d2 7d 9f 9f 4c 84 af d8<br>
Aug 10 14:24:54 amon pluto[28433]: | responder cookie:<br>
Aug 10 14:24:54 amon pluto[28433]: | 00 00 00 00 00 00 00 00<br>
Aug 10 14:24:54 amon pluto[28433]: | next payload type:
ISAKMP_NEXT_SA<br>
Aug 10 14:24:54 amon pluto[28433]: | ISAKMP version: ISAKMP Version
1.0 (rfc2407)<br>
Aug 10 14:24:54 amon pluto[28433]: | exchange type: ISAKMP_XCHG_AGGR<br>
Aug 10 14:24:54 amon pluto[28433]: | flags: none<br>
Aug 10 14:24:54 amon pluto[28433]: | message ID: 00 00 00 00<br>
Aug 10 14:24:54 amon pluto[28433]: | length: 621<br>
Aug 10 14:24:54 amon pluto[28433]: packet from
&lt;roadwarrior-ip&gt;:500: size (637) differs from size specified in
ISAKMP HDR (621)<br>
Aug 10 14:24:54 amon pluto[28433]: | * processed 0 messages from
cryptographic helpers <br>
------ END LOG ------<br>
<br>
This is the openswan config in the server the roadwarrior is connecting
to:<br>
<br>
----- BEGIN CONFIG -----<br>
config setup<br>
interfaces="%none"<br>
nat_traversal=yes<br>
virtual_private=%v4:!&lt;private-subnet&gt;,%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<br>
oe=off<br>
protostack=netkey<br>
nat_traversal=yes<br>
plutodebug="parsing emitting control controlmore crypt
lifecycle pfkey dpd"<br>
plutoopts="--perpeerlog --perpeerlogbase=/etc/openswan/log"<br>
<br>
conn rbx-ras<br>
authby=rsasig<br>
leftid=%fromcert<br>
leftcert=/etc/openswan/ras.crt<br>
left=&lt;public-ip&gt;<br>
leftupdown="/etc/openswan/ras"<br>
leftsubnet=&lt;private-subnet&gt;<br>
leftxauthserver=yes<br>
leftmodecfgserver=yes<br>
right=%any<br>
rightsubnet=vhost:%no,%priv<br>
rightxauthclient=yes<br>
rightmodecfgclient=yes<br>
dpdaction=clear<br>
dpddelay=30<br>
dpdtimeout=60<br>
pfs=yes<br>
ike=3des-md5<br>
esp=3des-md5<br>
aggrmode=yes<br>
salifetime=20m<br>
ikelifetime=8h<br>
rekey=no<br>
auto=add<br>
#forceencaps=yes<br>
modecfgdns1=&lt;dns-1&gt;<br>
modecfgdns2=&lt;dns-2&gt;<br>
modecfgwins1=&lt;wins-1&gt;<br>
modecfgwins2=&lt;wins-2&gt;<br>
------ END CONFIG ------<br>
<br>
The client is the Cisco VPN client v4.9.01 (0080). Could this be due
to a poorly specified PFS group? I'm supposed to use modp1024 but I
can't find the correct way to specify it in "ike" or "esp" - no matter
which syntax I use I always get syntax errors (I tried
3des-md5-modp1024, 3des-md5;modp1024, 3des-md5-2, all to no avail).
Notice that the difference between size expectations is 16 bytes.<br>
<br>
Cheers.<br>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
                        p { margin: 0; }
                </style>
<div style="font-family: Arial; font-size: 10pt; color: rgb(0, 0, 0);">
<font size="1"> Diego Rivera<br>
Director / System Operations<br>
Roundbox Global : <span
style="font-style: italic; color: rgb(102, 102, 102);">enterprise :
technology : genius</span><br>
------------------------------------------------------------------------------------------------------------------<br>
Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica<br>
tel: +1 (404) 567-5000 ext. 2147 | cel: +(506) 8393-0772 | fax: +(506)
2258-3695<br>
email: <a href="mailto:diego.rivera@rbxglobal.com">diego.rivera@rbxglobal.com</a>
| <a href="http://www.rbxglobal.com">www.rbxglobal.com</a><br>
------------------------------------------------------------------------------------------------------------------<br>
</font> </div>
</div>
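<p>The size check behind the "differs from size specified in ISAKMP HDR" log line above, as an added example that is not part of the original post and not Openswan's own code: it parses the 28-byte fixed ISAKMP header (layout per RFC 2408) and compares its length field with the number of bytes received. The sample datagram is constructed from the values shown in the log, and the function names are hypothetical.</p>

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1): two 8-byte cookies, next payload,
# version, exchange type, flags, 4-byte message ID, 4-byte total message length.
ISAKMP_HDR = struct.Struct("!8s8sBBBB4sI")
EXCHANGE_TYPES = {2: "ISAKMP_XCHG_IDPROT", 4: "ISAKMP_XCHG_AGGR", 5: "ISAKMP_XCHG_INFO"}


def check_isakmp_length(datagram):
    """Parse the fixed header and compare its length field with the bytes received."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, msgid, declared = (
        ISAKMP_HDR.unpack_from(datagram)
    )
    return {
        "initiator_cookie": icookie.hex(" "),
        "responder_cookie": rcookie.hex(" "),
        "next_payload": next_payload,
        "version": "%d.%d" % (version >> 4, version & 0x0F),
        "exchange_type": EXCHANGE_TYPES.get(xchg, str(xchg)),
        "flags": flags,
        "message_id": msgid.hex(" "),
        "declared": declared,        # length field in the header
        "received": len(datagram),   # size of the UDP payload
        "surplus": len(datagram) - declared,
    }


def build_sample():
    """Constructed datagram: header fields copied from the log, zero-filled body."""
    header = ISAKMP_HDR.pack(
        bytes.fromhex("d27d9f9f4c84afd8"),  # initiator cookie from the log
        bytes(8),                           # responder cookie: all zeros
        1,                                  # next payload: ISAKMP_NEXT_SA
        0x10,                               # version 1.0
        4,                                  # aggressive mode exchange
        0,                                  # flags: none
        bytes(4),                           # message ID 00 00 00 00
        621,                                # declared length from the log
    )
    return header + bytes(637 - ISAKMP_HDR.size)  # pad to the 637 bytes received


if __name__ == "__main__":
    info = check_isakmp_length(build_sample())
    if info["surplus"] != 0:
        print("size (%(received)d) differs from size specified in ISAKMP HDR "
              "(%(declared)d), surplus %(surplus)d bytes" % info)
```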
</body>
</html>