Hi,<div><br></div><div>I have successfully installed Openswan, but there seems to be an issue with the connection to the Cisco VPN. From the logs I am seeing something like "<b>No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</b>".</div>
<div><br></div><div>Below is the full log and my config. I will really appreciate your help.</div><div><div><br></div><div>###################### CONFIG #############################</div><div>config setup </div><div>
interfaces=%defaultroute</div><div> plutoopts="--perpeerlog"</div><div> protostack=netkey</div><div><br></div><div><br></div><div>conn VPNCon</div><div> type=tunnel</div><div> authby=secret</div>
<div> Ikelifetime=86400s</div><div> phase2=esp</div><div> Phase2alg=3des-md5;modp1536</div><div> lifetime=3600s</div><div> forceencaps=yes</div><div> pfs=no</div><div> keyexchange=ike</div>
<div> left=1.2.3.4</div><div> leftnexthop=%defaultroute</div><div> right=5.6.7.8</div><div> rightnexthop=%defaultroute</div><div> rekey=yes</div><div> remote_peer_type=cisco</div>
<div> auto=start</div><div>###################################################</div><div><br></div><div><br></div><div>###################### LOG #############################</div><div>Feb 1 10:55:16 box1 ipsec__plutorun: Starting Pluto subsystem...</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:12241</div><div>Feb 1 10:55:16 box1 pluto[12241]: LEAK_DETECTIVE support [disabled]</div><div>Feb 1 10:55:16 box1 pluto[12241]: OCF support for IKE [disabled]</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: SAref support [disabled]: Protocol not available</div><div>Feb 1 10:55:16 box1 pluto[12241]: SAbind support [disabled]: Protocol not available</div><div>Feb 1 10:55:16 box1 pluto[12241]: NSS support [disabled]</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: HAVE_STATSD notification support not compiled in</div><div>Feb 1 10:55:16 box1 pluto[12241]: Setting NAT-Traversal port-4500 floating to on</div><div>Feb 1 10:55:16 box1 pluto[12241]: port floating activation criteria nat_t=1/port_float=1</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: NAT-Traversal support [enabled]</div><div>Feb 1 10:55:16 box1 pluto[12241]: using /dev/urandom as source of random entropy</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: starting up 1 cryptographic helpers</div><div>Feb 1 10:55:16 box1 pluto[12248]: using /dev/urandom as source of random entropy</div><div>Feb 1 10:55:16 box1 pluto[12241]: started helper pid=12248 (fd:6)</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: Using Linux 2.6 IPsec interface code on 2.6.18-194.17.1.el5 (experimental code)</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_add(): ERROR: Algorithm already exists</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_add(): ERROR: Algorithm already exists</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_add(): ERROR: Algorithm already exists</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_add(): ERROR: Algorithm already exists</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)</div><div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_add(): ERROR: Algorithm already exists</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)</div><div>Feb 1 10:55:16 box1 pluto[12241]: Changed path to directory '/etc/ipsec.d/cacerts'</div><div>Feb 1 10:55:16 box1 pluto[12241]: Changed path to directory '/etc/ipsec.d/aacerts'</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: Changed path to directory '/etc/ipsec.d/ocspcerts'</div><div>Feb 1 10:55:16 box1 pluto[12241]: Changing to directory '/etc/ipsec.d/crls'</div><div>Feb 1 10:55:16 box1 pluto[12241]: Warning: empty directory</div>
<div>Feb 1 10:55:16 box1 pluto[12241]: added connection description "VPNCon"</div><div>Feb 1 10:55:17 box1 pluto[12241]: listening for IKE messages</div><div>Feb 1 10:55:17 box1 pluto[12241]: adding interface eth0/eth0 1.2.3.4.5:500</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: adding interface eth0/eth0 1.2.3.4.5:4500</div><div>Feb 1 10:55:17 box1 pluto[12241]: adding interface lo/lo <a href="http://127.0.0.1:500">127.0.0.1:500</a></div><div>Feb 1 10:55:17 box1 pluto[12241]: adding interface lo/lo <a href="http://127.0.0.1:4500">127.0.0.1:4500</a></div>
<div>Feb 1 10:55:17 box1 pluto[12241]: adding interface lo/lo ::1:500</div><div>Feb 1 10:55:17 box1 pluto[12241]: loading secrets from "/etc/ipsec.secrets"</div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: initiating Main Mode</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 </div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: STATE_MAIN_I2: sent MI2, expecting MR2</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: received Vendor ID payload [Cisco-Unity]</div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: received Vendor ID payload [Dead Peer Detection]</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: ignoring unknown Vendor ID payload [3c1f79790ca4ddd867fa2623b80ac34b]</div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: received Vendor ID payload [XAUTH]</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed</div><div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div>
<div>Feb 1 10:55:17 box1 pluto[12241]: "VPNCon" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div><div>Feb 1 10:55:18 box1 pluto[12241]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T</div>
<div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #1: Main mode peer ID is ID_IPV4_ADDR: '5.6.7.8'</div><div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div>
<div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}</div><div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:6ca6f49a proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}</div>
<div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000</div><div>Feb 1 10:55:18 box1 pluto[12241]: "VPNCon" #1: received and ignored informational message</div>
<div>Feb 1 10:56:28 box1 pluto[12241]: "VPNCon" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</div><div>Feb 1 10:56:28 box1 pluto[12241]: "VPNCon" #2: starting keying attempt 2 of an unlimited number</div>
<div>Feb 1 10:56:28 box1 pluto[12241]: "VPNCon" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #2 {using isakmp#1 msgid:91d29c32 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}</div>
<div>Feb 1 10:56:28 box1 pluto[12241]: "VPNCon" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000</div><div>Feb 1 10:56:28 box1 pluto[12241]: "VPNCon" #1: received and ignored informational message</div>
<div>Feb 1 10:57:38 box1 pluto[12241]: "VPNCon" #3: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</div><div>Feb 1 10:57:38 box1 pluto[12241]: "VPNCon" #3: starting keying attempt 3 of an unlimited number</div>
<div>Feb 1 10:57:38 box1 pluto[12241]: "VPNCon" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #3 {using isakmp#1 msgid:fd01f2eb proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}</div>
<div>Feb 1 10:57:38 box1 pluto[12241]: "VPNCon" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000</div><div>Feb 1 10:57:38 box1 pluto[12241]: "VPNCon" #1: received and ignored informational message</div>
<div><br></div><div>###################################################</div></div><div><br></div>