[Openswan Users] Setting up VPN between Linux box and Fortigate firewall
Rhys Johnson
rhys at systemx.com.au
Mon Aug 21 04:10:34 EDT 2006
Hello

I am trying to set up a VPN between 2 firewall machines with private
subnets behind them. I have a Linux box running Openswan 2.2 and a
Fortigate firewall running IPsec. I am trying to connect from the
Fortigate to the Linux box, however the connection is failing with an error.
The fortigate is set up as follows
Phase 1:
Local IP: 221.133.201.34
Remote IP: 58.6.14.254
Main mode
PSK
Accept any peer id
Encryption/Authentication: try 3DES-MD5, 3DES-SHA1
DH groups 2 and 5
Disable XAUTH
Phase 2:
Enable PFS
DH group 5
The linux box has the following configuration
ipsec.conf
-----------------------------------
config setup
    # Debug-logging controls:
    klipsdebug=none
    plutodebug="all"

conn fortigate
    auto=add
    left=58.6.14.254
    leftsubnet=192.168.100.0/24
    leftid=@home
    right=221.133.201.34
    rightsubnet=192.168.1.0/24
    rightid=%any
    keyingtries=0
    pfs=yes
    auth=esp
    authby=secret
------------------------------

ipsec.secrets
-----------------
@home 221.133.201.34 58.6.14.254: PSK "************"
-----------------
The error I receive on the Fortigate from the Linux box is:

2006-08-21 15:58:53 error negotiate Received error notification from peer: INVALID_ID_INFORMATION type=event subtype=ipsec pri=error loc_ip=221.133.201.34 loc_port=500 rem_ip=58.6.14.254 rem_port=500 out_if=wan1 vpn_tunnel=Caldwell_VPN cookies=8f1a03ec12122b32/0d4f5c4330f10e82 action=negotiate status=negotiate_error msg="Received error notification from peer: INVALID_ID_INFORMATION" negotiate_error
What does this error mean?
--
Kind regards
Rhys Johnson
SystemX Pty Ltd
Ph: 08 9421 8009
Fax: 08 9421 8055
Email: rhys at systemx.com.au
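Added example (not from the post or from the Openswan project): a small Python checker that parses a conn block in the ipsec.conf format shown above and emulates the two lookups an Openswan responder performs before it will use that conn, the peer ID against rightid and the peer's quick-mode selectors against rightsubnet/leftsubnet. A miss on either lookup is a condition under which the responder replies with INVALID_ID_INFORMATION, so running the peer's actual ID and proposed selectors through it shows which side of the configuration disagrees. The SAMPLE_CONF text and the 0.0.0.0/0 selectors in the second call are constructed inputs.

```python
import ipaddress

# Constructed input mirroring the conn in the post, with the indentation
# that Openswan requires for parameter lines restored.
SAMPLE_CONF = """\
config setup
    plutodebug="all"
conn fortigate
    auto=add
    left=58.6.14.254
    leftsubnet=192.168.100.0/24
    leftid=@home
    right=221.133.201.34
    rightsubnet=192.168.1.0/24
    rightid=%any
    pfs=yes
    authby=secret
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text.
    Section headers start in column 0; parameters are indented."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                      # "conn NAME" / "config setup"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns

def responder_problems(conn, peer_id, peer_local_net, peer_remote_net):
    """Emulate the responder's checks: the peer's ID must satisfy rightid
    (default is right's address; %any matches anything) and the peer's
    quick-mode selectors must be exactly our rightsubnet/leftsubnet pair.
    Returns a list of mismatches; empty means the conn would be selected."""
    problems = []
    want_id = conn.get("rightid", conn["right"])
    if want_id != "%any" and want_id != peer_id:
        problems.append("peer ID %s does not match rightid=%s" % (peer_id, want_id))
    for param, proposed in (("rightsubnet", peer_local_net), ("leftsubnet", peer_remote_net)):
        if ipaddress.ip_network(proposed) != ipaddress.ip_network(conn[param]):
            problems.append("peer proposed %s but %s=%s" % (proposed, param, conn[param]))
    return problems

if __name__ == "__main__":
    conn = parse_conns(SAMPLE_CONF)["fortigate"]
    print(responder_problems(conn, "221.133.201.34", "192.168.1.0/24", "192.168.100.0/24"))
    print(responder_problems(conn, "221.133.201.34", "0.0.0.0/0", "0.0.0.0/0"))
```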