[Openswan Users] More SonicWall
Paul Wouters
paul at xelerance.com
Tue May 24 11:58:10 CEST 2005
On Tue, 24 May 2005, Yannick Warnier wrote:
> I think my case is different but I still get the same error.
>
> My laptop (A - 192.168.2.63) tries to connect to the SonicWall (B -
> 194.154.172.134) which protects the subnet (C - 192.168.254.0/24).
>
> My /etc/ipsec.conf looks like this:
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
> interfaces="ipsec0=eth0"
> klipsdebug=none
> plutodebug=all
> uniqueids=yes
> nat_traversal=yes
>
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> conn GroupVPN
> left=192.168.2.63
> right=194.154.172.134
> rightsubnet=192.168.254.0/24
> keyingtries=1
> auto=route
> authby=secret
> auth=esp
> esp=3des-hmac_md5
> pfs=yes
> keyexchange=ike
> #ike=3des-md5
>
>
> Now the first phase authentication goes right, but the second phase
> fails, with this ouput:
> kakashi:/home/ywarnier# ipsec auto --up GroupVPN
> 104 "GroupVPN" #1: STATE_MAIN_I1: initiate
> 003 "GroupVPN" #1: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> 106 "GroupVPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "GroupVPN" #1: ignoring unknown Vendor ID payload [da8e937880010000]
> 003 "GroupVPN" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
> 003 "GroupVPN" #1: received Vendor ID payload [XAUTH]
> 003 "GroupVPN" #1: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-00/01: i am NATed
> 108 "GroupVPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "GroupVPN" #1: STATE_MAIN_I4: ISAKMP SA established
> 117 "GroupVPN" #2: STATE_QUICK_I1: initiate
> 010 "GroupVPN" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
Seems the sonicwall wants to so xauth, but your client has not been configured for that?
Paul
More information about the Users
mailing list