<div dir="ltr"><div>Hello List,</div><div><br></div><div>I'm trying to configure my test environment against a Cisco router. Everything works with vpnc, but I would prefer to use OpenSwan. I have tried all configuration combinations, but cannot get past phase 1 up - no suitable connection for peer.</div>
<div><br></div><div>Any help will be much appreciated.</div><div><br></div><div>Kind Regards,</div><div><br></div><div>Andrew</div>
<div><br></div><div>Test environment Linux Openswan U2.6.38-g312f1b8a-dirty/K3.2.0-4-amd64 (netkey)</div><div><br></div><div>#-----------------------------------------#</div><div><br></div><div>root@ipsec:/etc# cat ipsec.conf</div>
<div>conn cisco</div><div> ike=3des-sha1-modp1024</div><div> esp=3des-sha1</div><div> pfs=yes</div><div> ikelifetime=86400s</div><div> keylife=28800s</div><div> #</div><div> aggrmode=yes</div><div> authby=secret</div>
<div> #</div><div> left=%defaultroute</div><div> leftmodecfgclient=yes</div><div> leftxauthclient=yes</div><div> leftid="@customer.domain"</div><div> #</div><div> right=1xx.5x.5x.1xx</div><div> rightid="@<a href="http://IPsec_1.cisco.com" target="_blank">IPsec_1.cisco.com</a>"</div>
<div> rightxauthserver=yes</div><div> rightmodecfgserver=yes</div><div> #</div><div> modecfgpull=yes</div><div> auto=add</div><div><br></div><div>#-----------------------------------------#</div><div><br></div><div>
root@ipsec:/etc# cat ipsec.secrets </div>
<div>@customer.domain 1xx.5x.5x.1xx : PSK "customer1234"</div><div><br></div><div>#-----------------------------------------#</div><div><br></div><div>ipsec whack --debug-all --name cisco --xauthname test@customer.domain --xauthpass xauth1234 --initiate</div>
<div><br></div><div>112 "cisco" #1: STATE_AGGR_I1: initiate</div><div>002 "cisco" #1: extra debugging enabled for connection: raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo</div>
<div>003 "cisco" #1: received Vendor ID payload [Cisco-Unity]</div><div>003 "cisco" #1: received Vendor ID payload [Dead Peer Detection]</div><div>003 "cisco" #1: ignoring unknown Vendor ID payload [12030e87294146bcd6828c998b89a5b7]</div>
<div>003 "cisco" #1: received Vendor ID payload [XAUTH]</div><div>003 "cisco" #1: received Vendor ID payload [RFC 3947] method set to=115 </div><div>002 "cisco" #1: Aggressive mode peer ID is ID_FQDN: '@<a href="http://IPsec_1.cisco.com" target="_blank">IPsec_1.cisco.com</a>'</div>
<div>003 "cisco" #1: no suitable connection for peer '@<a href="http://IPsec_1.cisco.com" target="_blank">IPsec_1.cisco.com</a>'</div><div>003 "cisco" #1: initial Aggressive Mode packet claiming to be from @<a href="http://IPsec_1.cisco.com" target="_blank">IPsec_1.cisco.com</a> on 1xx.5x.5x.1xx but no connection has been authorized</div>
<div>218 "cisco" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION</div><div>002 "cisco" #1: sending notification INVALID_ID_INFORMATION to 1xx.5x.5x.1xx:500</div><div><br></div><div>#-----------------------------------------#</div>
<div><br></div></div>