[Openswan Users] openswan <=> netscreen

Hans Fugal fugalh at gmail.com
Wed Oct 20 16:31:06 CEST 2004


Great. I'd like to see it. Even if I just see your openswan config,
then I'd have a known starting point to go from.


On Wed, 20 Oct 2004 17:24:40 -0400, Jim Buttafuoco <jim at contactbda.com> wrote:
> Thanks for the reply,
> 
> We did get openswan working with netscreen with preshared keys. The netscreen admin deleted the config and started
> over.  This time it worked right away.  I am going to try to get the config file so we can post it along with my
> openswan setup for the next person.
> 
> Jim
> 
> 
> 
> 
> ---------- Original Message -----------
> From: Hans Fugal <fugalh at gmail.com>
> To: jim at contactbda.com
> Cc: users at openswan.org
> Sent: Wed, 20 Oct 2004 14:30:25 -0600
> Subject: Re: [Openswan Users] openswan <=> netscreen
> 
> > I have a similar situation. I do control the netscreen, and the
> > netscreen logs indicate that the ignored payload is the netscreen
> > sending its certificates. I don't know for sure, but I think this is
> > too early, and is the netscreen's problem. Racoon has the same
> > difficulty.
> >
> > You might try preshared keys instead of certificates, but I wasn't
> > able to get that working with the netscreen either (don't remember
> > why). Racoon groks preshared keys with netscreen.
> >
> > On Fri, 15 Oct 2004 18:54:22 -0400, Jim Buttafuoco <jim at contactbda.com> wrote:
> > > I am trying to get openswan to talk to a netscreen device.  I am getting the following
> > >
> > > 104 "netscreen" #30: STATE_MAIN_I1: initiate
> > > 003 "netscreen" #30: ignoring Vendor ID payload [bf03746108d746c904f1f3547de24f78479fed120000001000000403]
> > > 003 "netscreen" #30: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
> > > 106 "netscreen" #30: STATE_MAIN_I2: sent MI2, expecting MR2
> > > 108 "netscreen" #30: STATE_MAIN_I3: sent MI3, expecting MR3
> > > 004 "netscreen" #30: STATE_MAIN_I4: ISAKMP SA established
> > > 112 "netscreen" #31: STATE_QUICK_I1: initiate
> > > 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 20s for response
> > > 010 "netscreen" #31: STATE_QUICK_I1: retransmission; will wait 40s for response
> > >
> > > I don't control the netscreen device but the SA is very willing to try anything to get this to work.  Does anyone have a
> > > working openswan to netscreen VPN that can share config info?
> > >
> > > Also, I am willing to post just about anything to get this working, just ask.
> > >
> > > Thanks for your help
> > > Jim
> > >
> >
> > --
> > De gustibus non disputandum est.
> ------- End of Original Message -------
> 
> 


-- 
De gustibus non disputandum est.

