[Openswan Users] unsupported ID type ID_FQDN

Ken Bantoft ken at xelerance.com
Thu May 27 22:47:44 CEST 2004


On Wed, 26 May 2004, José Julio Hernández Fernández wrote:

> 
> Hi,
> 
> I've got a server running SuSE Linux 9.0, with FreeS/WAN downloaded from
> http://www.suse.de/~garloff/linux/FreeSWAN/ (2.04 for SuSE 9.0, with
> X.509 and NAT-T support). NAT-T and X.509 certs run fine with SSH
> Sentinel client for WinXP.
> 
> Now I need to configure connections with the IPsec client included with
> Windows XP. I've applied Microsoft's Q818043 update for NAT-T, and
> imported the certificates. But I've got the following error:
> 
> 
> May 26 10:50:58 vpn2 pluto[10019]: packet from a.b.c.d:500: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> May 26 10:50:58 vpn2 pluto[10019]: packet from a.b.c.d:500: ignoring
> Vendor ID payload [FRAGMENTATION]
> May 26 10:50:58 vpn2 pluto[10019]: packet from a.b.c.d:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> May 26 10:50:58 vpn2 pluto[10019]: packet from a.b.c.d:500: ignoring
> Vendor ID payload [26244d38eddb61b3...]
> May 26 10:50:58 vpn2 pluto[10019]: "test"[7] a.b.c.d #7: responding to
> Main Mode from unknown peer a.b.c.d
> May 26 10:50:58 vpn2 pluto[10019]: "test"[7] a.b.c.d #7: only
> OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.
> Attribute OAKLEY_GROUP_DESCRIPTION
> May 26 10:50:58 vpn2 pluto[10019]: "test"[7] a.b.c.d #7: NAT-Traversal:
> Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> May 26 10:50:58 vpn2 pluto[10019]: "test"[7] a.b.c.d #7: Peer ID is
> ID_DER_ASN1_DN: 'C=US, ST=xxx, L=xxx, O=yyy, OU=yyy, CN=test03 at none.com,
> E=test03 at none.com'
> May 26 10:50:58 vpn2 pluto[10019]: "test"[7] a.b.c.d #7: issuer crl not
> found
> May 26 10:50:58 vpn2 pluto[10019]: "test_NAT"[7] a.b.c.d #7: deleting
> connection "test" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}
> May 26 10:50:58 vpn2 pluto[10019]: | NAT-T: new mapping
> a.b.c.d:500/45414)
> May 26 10:50:58 vpn2 pluto[10019]: "test_NAT"[7] a.b.c.d:45414 #7: sent
> MR3, ISAKMP SA established
> May 26 10:50:58 vpn2 pluto[10019]: "test_NAT"[7] a.b.c.d:45414 #7:
> unsupported ID type ID_FQDN
> May 26 10:50:58 vpn2 pluto[10019]: "test_NAT"[7] a.b.c.d:45414 #7:
> sending encrypted notification INVALID_ID_INFORMATION to a.b.c.d:45414
> 
> 
> I've been googling, but without finding any useful help.
> Is there someone who could help me with this problem?

Looks like Kurt's FreeS/WAN + X.509 + NAT-T doesn't include the patch for
this.  The fix is in both Openswan 1.x and 2.x.  You will need to rebuild
a new package from source.


-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson



