[Openswan Users] Is there some List of error messages?
Ken Bantoft
ken at xelerance.com
Tue Mar 23 01:10:45 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 22 Mar 2004, Wolfman wrote:
> Hi,
> finally my swan starts up and I get some logging an my Connection attempts.
> But whenever I try to connect With my Win2k machine, I get errors (see
> auth.log)
> Somy question is: Is there some erroroverview to debug this messages? I
> can't find anything in the net that helps.
>
> Thanks
> Christian
>
> P.S. To the Gentoo users: The directory management is absolutly messed up.
> The certs, Keys, CAcert everything has to go in /etc/ipsec/ipsec.d/.... not
> in /etc/ipsec.d/...
> the certs in certs, the keys in private etc... The Documentation for that
> is wrong...
>
> auth.log:
> [...]
> Mar 22 16:09:48 Linuxserver pluto[2919]: packet from 192.168.107.123:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
> Mar 22 16:09:48 Linuxserver pluto[2919]: packet from 192.168.107.123:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> Mar 22 16:09:48 Linuxserver pluto[2919]: packet from 192.168.107.123:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
> already using method 0
> Mar 22 16:09:48 Linuxserver pluto[2919]: "p2n"[3] 192.168.107.123 #3:
> responding to Main Mode from unknown peer 192.168.107.123
> Mar 22 16:09:48 Linuxserver pluto[2919]: "p2n"[3] 192.168.107.123 #3: only
> OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute
> OAKLEY_GROUP_DESCRIPTION
Looks like Win2K is trying modp768 (Group 1), which isn't supported.
Change it to modp1024, or modp1536 (aha DH or Diffe-Hellmen Group 2 or Group 5)
Ken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAX4CIPiOgilmwgkgRAjAtAKDU0u0lv1X9lzigOu5iQZ5oPm9N8ACgnHNN
zVMZ1TUcY6yTKorsUsPx4DI=
=CQW8
-----END PGP SIGNATURE-----
More information about the Users
mailing list