[Openswan Users] openswan <=> netscreen

Hans Fugal fugalh at gmail.com
Wed Oct 20 15:30:25 CEST 2004

I have a similar situation. I do control the netscreen, and the
netscreen logs indicate that the ignored payload is the netscreen
sending its certificates. I don't know for sure, but I think this is
too early, and is the netscreen's problem. Racoon has the same

You might try preshared keys instead of certificates, but I wasn't
able to get that working with the netscreen either (don't remember
why). Racoon groks preshared keys with netscreen.

On Fri, 15 Oct 2004 18:54:22 -0400, Jim Buttafuoco <jim at contactbda.com> wrote:
> I am trying to get openswan to talk to a netscreen device.  I am getting the following
> 104 "netscreen" #30: STATE_MAIN_I1: initiate
> 003 "netscreen" #30: ignoring Vendor ID payload [bf03746108d746c904f1f3547de24f78479fed120000001000000403]
> 003 "netscreen" #30: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
> 106 "netscreen" #30: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "netscreen" #30: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "netscreen" #30: STATE_MAIN_I4: ISAKMP SA established
> 112 "netscreen" #31: STATE_QUICK_I1: initiate
> 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 40s for response
> I don't control the netscreen device but the SA is very willing to try anything to get this to work.  Does anyone have a
> working openswan to netscreen VPN that can share config info?
> Also, I am willing to post just about anything to get this working, just ask.
> Thanks for your help
> Jim

De gustibus non disputandum est.
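
An added example, not part of the original thread or of Openswan: a small Python parser for the numbered pluto status lines quoted above, reporting for each exchange (#30, #31) which IKE phase it belongs to and whether it completed or is stuck retransmitting. The function and field names are made up for this illustration; the sample input is copied from the quoted message.

```python
import re

# Status lines copied from the quoted message in this thread.
SAMPLE = """\
104 "netscreen" #30: STATE_MAIN_I1: initiate
003 "netscreen" #30: ignoring Vendor ID payload [bf03746108d746c904f1f3547de24f78479fed120000001000000403]
003 "netscreen" #30: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
106 "netscreen" #30: STATE_MAIN_I2: sent MI2, expecting MR2
108 "netscreen" #30: STATE_MAIN_I3: sent MI3, expecting MR3
004 "netscreen" #30: STATE_MAIN_I4: ISAKMP SA established
112 "netscreen" #31: STATE_QUICK_I1: initiate
010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 40s for response
"""

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'^STATE_(MAIN|AGGR|QUICK)_([IR]\d+): (.*)$')
PHASE = {"MAIN": 1, "AGGR": 1, "QUICK": 2}  # IKEv1 exchange type -> phase

def summarize(text):
    """Map each exchange serial (#N) to how far its negotiation got."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if not m:
            continue
        _code, conn, serial, msg = m.groups()
        s = out.setdefault(int(serial), {
            "conn": conn, "phase": None, "last_state": None,
            "established": False, "retransmits": 0, "ignored_vids": []})
        if msg.startswith("ignoring Vendor ID payload ["):
            s["ignored_vids"].append(msg[msg.index("[") + 1:msg.rindex("]")])
            continue
        sm = STATE.match(msg)
        if not sm:
            continue
        kind, step, detail = sm.groups()
        s["phase"], s["last_state"] = PHASE[kind], f"{kind}_{step}"
        s["established"] |= "SA established" in detail
        s["retransmits"] += detail.startswith("retransmission")
    return out

def verdict(s):
    if s["established"]:
        return "established"
    return "stalled, retransmitting" if s["retransmits"] else "in progress"

if __name__ == "__main__":
    for serial, s in summarize(SAMPLE).items():
        print(f'#{serial} phase {s["phase"]} {s["last_state"]}: {verdict(s)}')
```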
