[Openswan Users] Connecting a branch office to nortel contivity

[Bento Loewenstein]

Thanks Ken. I'll forward the how-to to the head office's contivity admin.

in the mean time, i changed my ipsec.conf to conform with the document 
you pointed and posted pluto's log at http://sprints.tks.com.br/secure.log

there's logs from yesterday (with my previous config) and from today's 
attempt. is there any specific message i should look for there ?

TKS,

Bento Loewenstein

Ken Bantoft wrote:

>I did this config last year, and worked okay.  I assume you used the
>docs from http://www.freeswan.ca/docs/Contivity/ ?  Although your config
>differs a bit from mine.
>
>You logs aren't usefull, as I don't see the pluto logs.  KLIPS logs
>won't be of much use in this, as it'll be a mismatch somewhere in the
>configuration.  Perhaps you need to look in /var/log/secure to see your
>pluto logs, as on RH boxen, that's where pluto normally logs too.
>
>Ensure Contivity is on 4.x code.  I had issues on 3.x based Contivities.
>
>
>On Tue, 2004-12-14 at 16:50 -0200, Bento Loewenstein wrote:
>  
>
>>Hi ppl,
>>
>>I'kind of desperate here. I'm trying to connect our branch office in
>>brasil to a Nortel Contivity switch in the head office using openswan
>>without luck.
>>
>>bellow is my ipsec.conf file. what happens is even when the tunnel is
>>that the tunnel is not established. even when phase 2 negotiation
>>completes my side doesen't send IKE packet to the head office according
>>to my contact there. i'm also sending a packet dump.
>>
>>my setup is:
>>
>>Red hat linux 7.3 (updated with packages from fedoralegacy.org)
>>vanila kernel 2.4.28 with nat-traversal patch
>>openswan 2.1.6 (also tried 2.4.0dr4)
>>
>>
>>a log with "klipsdebug=all" and "plutodebug=all" is available at
>>http://sprints.tks.com.br/messages.log
>>
>>- any idea of what i'm doing wrong ?
>>- would a complete upgrade (maybe debian sarge with 2.6 kernel) help ?
>>
>>
>>Any help would be apreciated.
>>
>>TIA,
>>
>>Bento Loewenstein
>>    
>>

(snip)