[Openswan Users] High Assurance Soft Remote

Peter Osterberg Peter_Osterberg at home.se
Tue Jul 12 16:52:54 CEST 2005


I have tried to setup OpenSwan to accept connections from a HighAssurance 
client with no success what so ever, using x.509 ceritificates.
Ths OS config works prefeclty when I try to connect with the same cert 
using Sentinel.

I've tried upgrading OS and I've tried every possible setting in 
HighAssurance but the connection stops at the place every time with a logg 
line reading:
Apr  1 11:19:21 fw pluto[18305]: packet from xxx.xxx.xxx.xxx:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr  1 11:19:21 fw pluto[18305]: packet from xxx.xxx.xxx.xxx:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Apr  1 11:19:21 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
Apr  1 11:19:23 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: ignoring Vendor ID payload [47bbe7c993f1fc13...]
Apr  1 11:19:23 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: ignoring Vendor ID payload [da8e937880010000]
Apr  1 11:19:23 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: received Vendor ID payload [Dead Peer Detection]
Apr  1 11:19:23 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: ignoring Vendor ID payload [XAUTH]
Apr  1 11:19:23 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: NAT-Traversal: Result using 
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Apr  1 11:20:33 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx #39: max number of retransmissions (2) reached STATE_MAIN_R2
Apr  1 11:20:33 fw pluto[18305]: "bioinvent_roadwarrior"[32] 
xxx.xxx.xxx.xxx: deleting connection "bioinvent_roadwarrior" instance with 
peer xxx.xxx.xxx.x


Anybody?



More information about the Users mailing list