[Openswan Users] Openswan 2.4.6 to Cisco

Paul Wouters paul at xelerance.com
Tue Aug 22 14:54:27 EDT 2006


On Tue, 22 Aug 2006, Rui Santos wrote:

> I'm having problems creating an ipsec tunnel to a cisco router. From what I can see openswan and the cisco can't agree on how to proceed on the second phase. I'm using openswan 2.4.6 with the latest kernel (2.6.17.8). Can someone please help me to either extract more information from the logs or to spot an error in my configuration?
>
> Thanks,
>
> Conf for the tunnel:
> conn subnet1
>        type=tunnel
>        left=a.a.a.a
>        leftnexthop=%defaultroute
>        leftsubnet=10.0.0.0/8
>        right=b.b.b.b
>        rightsubnet=192.0.0.0/8
>        rightnexthop=c.c.c.c
>        esp=3des-md5
>        ike=3des-md5
>        keyexchange=ike
>        keylife=86400s
>        ikelifetime=8h
>        authby=secret
>        pfs=no
>
>
> Log for 2 Phase:
> Aug 22 10:11:47 leoa pluto[11084]: | computed Phase 2 IV:
> Aug 22 10:11:47 leoa pluto[11084]: |   5c 59 2d eb  85 1c 68 64  a2 e7 eb 6e  2c 10 e5 f0
> Aug 22 10:11:47 leoa pluto[11084]: | received encrypted packet from b.b.b.b:500
> Aug 22 10:11:47 leoa pluto[11084]: | decrypting 96 bytes using algorithm OAKLEY_3DES_CBC
> Aug 22 10:11:47 leoa pluto[11084]: | decrypted:
> Aug 22 10:11:47 leoa pluto[11084]: |   0b 00 00 14  30 fd f0 5c  5a b0 50 5e  15 6c a5 65
> Aug 22 10:11:47 leoa pluto[11084]: |   31 27 ac 63  00 00 00 44  00 00 00 01  03 04 00 0e
> Aug 22 10:11:47 leoa pluto[11084]: |   3d b2 11 a5  0a 00 00 34  00 00 00 01  00 00 00 01
> Aug 22 10:11:47 leoa pluto[11084]: |   00 00 00 00  63 b1 6d bc  00 00 00 00  63 30 73 28
> Aug 22 10:11:47 leoa pluto[11084]: |   61 80 55 e4  63 aa 24 dc  62 f3 f7 20  01 00 00 14
> Aug 22 10:11:47 leoa pluto[11084]: |   60 02 2e 3c  01 30 73 28  00 00 00 00  00 00 00 00
> Aug 22 10:11:47 leoa pluto[11084]: | next IV:  07 84 5c be  b1 f7 14 5c
> Aug 22 10:11:47 leoa pluto[11084]: | ***parse ISAKMP Hash Payload:
> Aug 22 10:11:47 leoa pluto[11084]: |    next payload type: ISAKMP_NEXT_N
> Aug 22 10:11:47 leoa pluto[11084]: |    length: 20
> Aug 22 10:11:47 leoa pluto[11084]: | ***parse ISAKMP Notification Payload:
> Aug 22 10:11:47 leoa pluto[11084]: |    next payload type: ISAKMP_NEXT_NONE
> Aug 22 10:11:47 leoa pluto[11084]: |    length: 68
> Aug 22 10:11:47 leoa pluto[11084]: |    DOI: ISAKMP_DOI_IPSEC
> Aug 22 10:11:47 leoa pluto[11084]: |    protocol ID: 3
> Aug 22 10:11:47 leoa pluto[11084]: |    SPI size: 4
> Aug 22 10:11:47 leoa pluto[11084]: |    Notify Message Type: NO_PROPOSAL_CHOSEN
> Aug 22 10:11:47 leoa pluto[11084]: | removing 8 bytes of padding
> Aug 22 10:11:47 leoa pluto[11084]: "subnet1" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> Aug 22 10:11:47 leoa pluto[11084]: | info:  3d b2 11 a5  0a 00 00 34  00 00 00 01  00 00 00 01
> Aug 22 10:11:47 leoa pluto[11084]: |   00 00 00 00  63 b1 6d bc  00 00 00 00  63 30 73 28
> Aug 22 10:11:47 leoa pluto[11084]: |   61 80 55 e4  63 aa 24 dc  62 f3 f7 20  01 00 00 14
> Aug 22 10:11:47 leoa pluto[11084]: |   60 02 2e 3c  01 30 73 28
> Aug 22 10:11:47 leoa pluto[11084]: | processing informational NO_PROPOSAL_CHOSEN (14)
> Aug 22 10:11:47 leoa pluto[11084]: "subnet1" #1: received and ignored informational message
> Aug 22 10:11:47 leoa pluto[11084]: | complete state transition with STF_IGNORE
> Aug 22 10:11:47 leoa pluto[11084]: | next event EVENT_RETRANSMIT in 9 seconds for #8
>
>
> Any ideas?

Remove plutodebug=all, and show us the entire log from this connection attempt.

Paul
> Thanks
>
> Rui
>
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
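
Added example, not part of the original thread and not Openswan code: a short Python parser that walks the RFC 2408 payload chain in the "decrypted:" bytes quoted above and decodes the Notification payload, reproducing the fields pluto printed. The function names are hypothetical, and starting the chain at a Hash payload is an assumption taken from the log, since the ISAKMP header is not in the dump.

```python
import struct

# Bytes copied from the "decrypted:" dump in the quoted pluto log (96 bytes).
DECRYPTED = bytes.fromhex("".join("""
0b 00 00 14  30 fd f0 5c  5a b0 50 5e  15 6c a5 65
31 27 ac 63  00 00 00 44  00 00 00 01  03 04 00 0e
3d b2 11 a5  0a 00 00 34  00 00 00 01  00 00 00 01
00 00 00 00  63 b1 6d bc  00 00 00 00  63 30 73 28
61 80 55 e4  63 aa 24 dc  62 f3 f7 20  01 00 00 14
60 02 2e 3c  01 30 73 28  00 00 00 00  00 00 00 00
""".split()))

# Only the RFC 2408 / RFC 2407 code points that occur in this packet.
PAYLOADS = {8: "HASH", 11: "NOTIFICATION"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN"}
PROTOCOLS = {3: "PROTO_IPSEC_ESP"}

def parse_payloads(data, first_type=8):
    """Walk the generic payload chain; return ([(type, body)], padding_len).
    first_type=8 (HASH) is an assumption taken from the log, since the ISAKMP
    header that normally names the first payload is not in the dump."""
    out, offset, ptype = [], 0, first_type
    while ptype != 0:
        if offset + 4 > len(data):
            raise ValueError("truncated payload header")
        next_type, _reserved, length = struct.unpack_from("!BBH", data, offset)
        if length < 4 or offset + length > len(data):
            raise ValueError(f"bad payload length {length} at offset {offset}")
        out.append((ptype, data[offset + 4:offset + length]))
        offset, ptype = offset + length, next_type
    return out, len(data) - offset

def parse_notification(body):
    """Decode a Notification payload body (RFC 2408, section 3.14)."""
    if len(body) < 8:
        raise ValueError("notification payload too short")
    doi, proto, spi_size, ntype = struct.unpack_from("!IBBH", body)
    if 8 + spi_size > len(body):
        raise ValueError("SPI runs past end of payload")
    return {"doi": doi, "protocol": PROTOCOLS.get(proto, str(proto)),
            "type": ntype, "name": NOTIFY.get(ntype, "unknown"),
            "spi": body[8:8 + spi_size].hex(), "data": body[8 + spi_size:]}

if __name__ == "__main__":
    payloads, padding = parse_payloads(DECRYPTED)
    for ptype, body in payloads:
        print(PAYLOADS.get(ptype, ptype), "length", len(body) + 4)
    print(parse_notification(payloads[1][1]), "padding:", padding)
```

The payload lengths (20 and 68), the 8 bytes of padding, and the SPI followed by the notification data line up with the "length:", "removing 8 bytes of padding" and "info:" lines in the log.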

