[Openswan Users] Openswan 2.4.6 to Cisco

Rui Santos ruisantos at iname.com
Tue Aug 22 05:17:54 EDT 2006 

Hi all,

I'm having problems creating a ipsec tunnel to a cisco router. From what I can see openswan and the cisco can't agree on how to proceed on the second phase. I'm using openswan 2.4.6 with the latest kernel (2.6.17.8). Can someone please help me to either extract more information from the logs or to spott an error on my configuration? 

Thanks,

Conf for the tunnel:
conn subnet1
       type=tunnel
       left=a.a.a.a
       leftnexthop=%defaultroute
       leftsubnet=10.0.0.0/8
       right=b.b.b.b
       rightsubnet=192.0.0.0/8
       rightnexthop=c.c.c.c
       esp=3des-md5
       ike=3des-md5
       keyexchange=ike
       keylife=86400s
       ikelifetime=8h
       authby=secret
       pfs=no


Log for 2 Phase:
Aug 22 10:11:47 leoa pluto[11084]: | computed Phase 2 IV:
Aug 22 10:11:47 leoa pluto[11084]: |   5c 59 2d eb  85 1c 68 64  a2 e7 eb 6e  2c 10 e5 f0
Aug 22 10:11:47 leoa pluto[11084]: | received encrypted packet from b.b.b.b:500
Aug 22 10:11:47 leoa pluto[11084]: | decrypting 96 bytes using algorithm OAKLEY_3DES_CBC
Aug 22 10:11:47 leoa pluto[11084]: | decrypted:
Aug 22 10:11:47 leoa pluto[11084]: |   0b 00 00 14  30 fd f0 5c  5a b0 50 5e  15 6c a5 65
Aug 22 10:11:47 leoa pluto[11084]: |   31 27 ac 63  00 00 00 44  00 00 00 01  03 04 00 0e
Aug 22 10:11:47 leoa pluto[11084]: |   3d b2 11 a5  0a 00 00 34  00 00 00 01  00 00 00 01
Aug 22 10:11:47 leoa pluto[11084]: |   00 00 00 00  63 b1 6d bc  00 00 00 00  63 30 73 28
Aug 22 10:11:47 leoa pluto[11084]: |   61 80 55 e4  63 aa 24 dc  62 f3 f7 20  01 00 00 14
Aug 22 10:11:47 leoa pluto[11084]: |   60 02 2e 3c  01 30 73 28  00 00 00 00  00 00 00 00
Aug 22 10:11:47 leoa pluto[11084]: | next IV:  07 84 5c be  b1 f7 14 5c
Aug 22 10:11:47 leoa pluto[11084]: | ***parse ISAKMP Hash Payload:
Aug 22 10:11:47 leoa pluto[11084]: |    next payload type: ISAKMP_NEXT_N
Aug 22 10:11:47 leoa pluto[11084]: |    length: 20
Aug 22 10:11:47 leoa pluto[11084]: | ***parse ISAKMP Notification Payload:
Aug 22 10:11:47 leoa pluto[11084]: |    next payload type: ISAKMP_NEXT_NONE
Aug 22 10:11:47 leoa pluto[11084]: |    length: 68
Aug 22 10:11:47 leoa pluto[11084]: |    DOI: ISAKMP_DOI_IPSEC
Aug 22 10:11:47 leoa pluto[11084]: |    protocol ID: 3
Aug 22 10:11:47 leoa pluto[11084]: |    SPI size: 4
Aug 22 10:11:47 leoa pluto[11084]: |    Notify Message Type: NO_PROPOSAL_CHOSEN
Aug 22 10:11:47 leoa pluto[11084]: | removing 8 bytes of padding
Aug 22 10:11:47 leoa pluto[11084]: "subnet1" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Aug 22 10:11:47 leoa pluto[11084]: | info:  3d b2 11 a5  0a 00 00 34  00 00 00 01  00 00 00 01
Aug 22 10:11:47 leoa pluto[11084]: |   00 00 00 00  63 b1 6d bc  00 00 00 00  63 30 73 28
Aug 22 10:11:47 leoa pluto[11084]: |   61 80 55 e4  63 aa 24 dc  62 f3 f7 20  01 00 00 14
Aug 22 10:11:47 leoa pluto[11084]: |   60 02 2e 3c  01 30 73 28
Aug 22 10:11:47 leoa pluto[11084]: | processing informational NO_PROPOSAL_CHOSEN (14)
Aug 22 10:11:47 leoa pluto[11084]: "subnet1" #1: received and ignored informational message
Aug 22 10:11:47 leoa pluto[11084]: | complete state transition with STF_IGNORE
Aug 22 10:11:47 leoa pluto[11084]: | next event EVENT_RETRANSMIT in 9 seconds for #8


Any ideas?

Thanks 

Rui

-- 
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/

More information about the Users mailing list