
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />

    <title></title>

  </head>


  <body>

    <p style="margin: 0px;"><span><span style="font-size: medium; line-height: 19px;">Hello, I am getting this error when I try to bring up IPSec Tunnel... Looking</span></span></p>

    <span style="font-size: medium; line-height: 19px;">for someone help.. Thanks...</span> 


    <div>

      <span style="font-size: medium; line-height: 19px;"><br />

      </span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;"><span style="font-family: sans-serif; line-height: normal; color: #333333; font-size: 13px;"></span></span>


      <p style="font-size: 10pt; font-family: sans-serif;"><strong>Starting connection with command&#160;<tt>/usr/sbin/ipsec auto --up &#39;paycode-to-vivacom&#39;</tt>&#160;..</strong></p>

<pre style="font-size: 8pt;">

104 &quot;paycode-to-vivacom&quot; #10: STATE_MAIN_I1: initiate

003 &quot;paycode-to-vivacom&quot; #10: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 

003 &quot;paycode-to-vivacom&quot; #10: ignoring Vendor ID payload [FRAGMENTATION c0000000]

106 &quot;paycode-to-vivacom&quot; #10: STATE_MAIN_I2: sent MI2, expecting MR2

003 &quot;paycode-to-vivacom&quot; #10: received Vendor ID payload [Cisco-Unity]

003 &quot;paycode-to-vivacom&quot; #10: received Vendor ID payload [XAUTH]

003 &quot;paycode-to-vivacom&quot; #10: ignoring unknown Vendor ID payload [4acca7967b99500430ae278225d941bf]

003 &quot;paycode-to-vivacom&quot; #10: ignoring Vendor ID payload [Cisco VPN 3000 Series]

003 &quot;paycode-to-vivacom&quot; #10: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected

108 &quot;paycode-to-vivacom&quot; #10: STATE_MAIN_I3: sent MI3, expecting MR3

010 &quot;paycode-to-vivacom&quot; #10: STATE_MAIN_I3: retransmission; will wait 20s for response

003 &quot;paycode-to-vivacom&quot; #10: discarding duplicate packet; already STATE_MAIN_I3

003 &quot;paycode-to-vivacom&quot; #10: discarding duplicate packet; already STATE_MAIN_I3

003 &quot;paycode-to-vivacom&quot; #10: discarding duplicate packet; already STATE_MAIN_I3

010 &quot;paycode-to-vivacom&quot; #10: STATE_MAIN_I3: retransmission; will wait 40s for response

003 &quot;paycode-to-vivacom&quot; #10: next payload type of ISAKMP Hash Payload has an unknown value: 125

003 &quot;paycode-to-vivacom&quot; #10: malformed payload in packet

031 &quot;paycode-to-vivacom&quot; #10: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message

000 &quot;paycode-to-vivacom&quot; #10: starting keying attempt 2 of at most 3, but releasing whack

</pre>

<pre style="font-size: 8pt;">

<br />


</pre>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;">ipsec.conf &gt;&gt;&gt;&gt;&gt;&#160;</span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;"></span>


      <div>

        <br />

      </div>


      <div>

        conn paycode-to-vivacom

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;auth=esp

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;authby=secret

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;auto=start

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;esp=3des-168

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;ike=3des-md5

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;ikelifetime=8h

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;keyexchange=ike

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;keyingtries=3

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;keylife=1h

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;left=95.43.208.250

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;leftid=95.43.208.250

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;leftnexthop=95.43.208.249

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;pfs=yes

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;right=212.39.72.21

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;rightsubnet=10.16.0.0/24

      </div>


      <div>

        &#160;&#160; &#160; &#160; &#160;type=tunnel

      </div>


      <div>

        <div>

          <br />

        </div>


        <div>

          config setup

        </div>


        <div>

          &#160;&#160; &#160; &#160; &#160;interfaces=%defaultroute

        </div>


        <div>

          &#160;&#160; &#160; &#160; &#160;nat_traversal=yes

        </div>


        <div>

          &#160;&#160; &#160; &#160; &#160;OE=off

        </div>


        <div>

          &#160;&#160; &#160; &#160; &#160;protostack=netkey

        </div>


        <div>

          <br />

        </div>

      </div>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;">Connection Configuration &gt;&gt;&gt;&#160;http://i48.tinypic.com/1823ba.jpg</span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;"><br />

      </span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;">The OS is Debian Squeeze</span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;"><br />

      </span>

    </div>


    <div>

      <span style="font-size: medium; line-height: 19px;">paycode:~# ipsec verify<br />

      Checking your system to see if IPsec got installed and started correctly:<br />

      Version check and ipsec on-path &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; [OK]<br />

      Linux Openswan U2.6.23/K2.6.32-trunk-686 (netkey)<br />

      Checking for IPsec support in kernel &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;[OK]<br />

      NETKEY detected, testing for disabled ICMP send_redirects &#160; &#160; &#160; [OK]<br />

      NETKEY detected, testing for disabled ICMP accept_redirects &#160; &#160; [OK]<br />

      Checking for RSA private key (/etc/ipsec.secrets) &#160; &#160; &#160; &#160; &#160; &#160; &#160; [OK]<br />

      Checking that pluto is running &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;[OK]<br />

      Pluto listening for IKE on udp 500 &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;[OK]<br />

      Pluto listening for NAT-T on udp 4500 &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; [OK]<br />

      Two or more interfaces found, checking IP forwarding &#160; &#160; &#160; &#160; &#160; &#160;[OK]<br />

      Checking NAT and MASQUERADEing &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;[OK]<br />

      Checking for &#39;ip&#39; command &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; [OK]<br />

      Checking for &#39;iptables&#39; command &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; [OK]<br />

      Opportunistic Encryption Support &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;[DISABLED]<br />

      paycode:~#</span>

    </div>

  </body>

</html>