[Openswan Users] openswan <=> netscreen

Jim Buttafuoco jim at contactbda.com
Wed Oct 20 18:24:40 CEST 2004


Thanks for the reply,  

We did get openswan working with netscreen with preshared keys. The netscreen admin deleted the config and started 
over.  This time it worked right away.  I am going to try to get the config file so we can post it along with my 
openswan setup for the next person.

Jim



---------- Original Message -----------
From: Hans Fugal <fugalh at gmail.com>
To: jim at contactbda.com
Cc: users at openswan.org
Sent: Wed, 20 Oct 2004 14:30:25 -0600
Subject: Re: [Openswan Users] openswan <=> netscreen

> I have a similar situation. I do control the netscreen, and the
> netscreen logs indicate that the ignored payload is the netscreen
> sending its certificates. I don't know for sure, but I think this is
> too early, and is the netscreen's problem. Racoon has the same
> difficulty.
> 
> You might try preshared keys instead of certificates, but I wasn't
> able to get that working with the netscreen either (don't remember
> why). Racoon groks preshared keys with netscreen.
> 
> On Fri, 15 Oct 2004 18:54:22 -0400, Jim Buttafuoco <jim at contactbda.com> wrote:
> > I am trying to get openswan to talk to a netscreen device.  I am getting the following
> > 
> > 104 "netscreen" #30: STATE_MAIN_I1: initiate
> > 003 "netscreen" #30: ignoring Vendor ID payload [bf03746108d746c904f1f3547de24f78479fed120000001000000403]
> > 003 "netscreen" #30: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
> > 106 "netscreen" #30: STATE_MAIN_I2: sent MI2, expecting MR2
> > 108 "netscreen" #30: STATE_MAIN_I3: sent MI3, expecting MR3
> > 004 "netscreen" #30: STATE_MAIN_I4: ISAKMP SA established
> > 112 "netscreen" #31: STATE_QUICK_I1: initiate
> > 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 20s for response
> > 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 40s for response
> > 
> > I don't control the netscreen device but the SA is very willing to try anything to get this to work.  Does anyone have a
> > working openswan to netscreen VPN that can share config info?
> > 
> > Also, I am willing to post just about anything to get this working, just ask.
> > 
> > Thanks for your help
> > Jim
> 
> -- 
> De gustibus non disputandum est.
------- End of Original Message -------
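
The log quoted in this thread shows Main Mode (phase 1) completing and Quick Mode (phase 2) only retransmitting. The script below is an added example, not part of the original messages and not Openswan code: it reads pluto status lines like those and reports how far each connection got. The names `summarize` and `diagnose` are hypothetical.

```python
import re

# pluto status line: <3-digit code> "<conn>" #<serial>: <message>
# Leading "> " mail-quote markers are tolerated so pasted replies parse too.
LINE_RE = re.compile(r'^(?:>\s*)*(\d{3}) "([^"]+)" #(\d+): (.*)$')

# Lines copied from the log quoted in this thread (long hex Vendor ID line omitted).
SAMPLE = '''\
104 "netscreen" #30: STATE_MAIN_I1: initiate
003 "netscreen" #30: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
106 "netscreen" #30: STATE_MAIN_I2: sent MI2, expecting MR2
108 "netscreen" #30: STATE_MAIN_I3: sent MI3, expecting MR3
004 "netscreen" #30: STATE_MAIN_I4: ISAKMP SA established
112 "netscreen" #31: STATE_QUICK_I1: initiate
010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 40s for response
'''

def summarize(text):
    """Return {connection: counters} describing how far each negotiation got."""
    conns = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a status line (blank, prose, list footer, ...)
        _code, conn, _serial, msg = m.groups()
        s = conns.setdefault(conn, {"phase1_up": False, "phase2_up": False,
                                    "quick_retransmits": 0,
                                    "ignored_vendor_ids": 0})
        if msg.startswith("ignoring Vendor ID payload"):
            s["ignored_vendor_ids"] += 1   # informational, not an error
        elif "ISAKMP SA established" in msg:
            s["phase1_up"] = True          # Main Mode finished
        elif "IPsec SA established" in msg:
            s["phase2_up"] = True          # Quick Mode finished
        elif msg.startswith("STATE_QUICK_I1: retransmission"):
            s["quick_retransmits"] += 1    # no reply to the Quick Mode request
    return conns

def diagnose(s):
    """Turn one connection's counters into a one-line status."""
    if s["phase2_up"]:
        return "tunnel up"
    if s["phase1_up"] and s["quick_retransmits"]:
        return "phase 1 up, peer not answering Quick Mode (phase 2)"
    if s["phase1_up"]:
        return "phase 1 up, phase 2 not established"
    return "phase 1 not established"

if __name__ == "__main__":
    for name, state in summarize(SAMPLE).items():
        print(name, "->", diagnose(state))
```
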


