[Openswan Users] Re: Users Digest, Vol 14, Issue 51

[Shaheen Ali]

> Message: 7
> Date: Fri, 28 Jan 2005 18:07:37 -0500
> From: Jeff Herring <jeffh at sldsi.com>
> Subject: [Openswan Users] CISCO heartburn
> To: users at openswan.org
> Message-ID: <6.0.1.1.2.20050128174912.05de1a38 at 208.133.218.150>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
> Apologies if this has been asked here, I have found no answers in the
> archives...
>
> I've updated to 2.3 / patched a 2.4.29 kernel / I have 30 tunnels working
> except 2
> that both have Cisco equipment and this error when connecting...Other
> Cisco
> equipment works
> Other none cisco stuff works...
>
> protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0
>

The 2.x based openswan pluto program (pluto implements ISAKMP) is
complaining that the data in the ID packet is 17/0.  Valid values are
17/500 or 0/0.  Ironically, the openswan 1.x based code accepts 17/0.

You can revert to the 1.x based code (latest is 1.0.9 which is what we
use), or you could edit pluto/ipsec_doi.c to accept 17/0 as well as 17/500
or 0/0.

Rebuild and re-install to taste :-)

Shaheen