[Openswan Users] Openswan 2.4.7 and juniper ns208

Paul Overton paul at trusted-management.com
Thu Dec 7 12:49:15 EST 2006


You appear to be using NAT-T, so you will not see ESP frames with
tcpdump; you are more likely to see encap UDP 4500 frames.

 

Paul


________________________________

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Didine
Sent: 07 December 2006 17:45
To: users at openswan.org
Subject: [Openswan Users] Openswan 2.4.7 and juniper ns208


Hello,
I'm a new user of Openswan.
I try to set up a connection between Openswan (Linux Openswan
U2.4.7/K2.6.18-1.2798.fc6 (netkey)) and a Juniper ns208.
When I try to set up the link I have the following messages.

=====================================================================
[root@lt85 ~]# ipsec auto --verbose --up lt85_to_centre
002 "lt85_to_centre" #11: initiating Main Mode
104 "lt85_to_centre" #11: STATE_MAIN_I1: initiate
003 "lt85_to_centre" #11: ignoring unknown Vendor ID payload [166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]
003 "lt85_to_centre" #11: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "lt85_to_centre" #11: received Vendor ID payload [Dead Peer Detection]
003 "lt85_to_centre" #11: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
002 "lt85_to_centre" #11: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03
002 "lt85_to_centre" #11: discarding packet received during asynchronous work (DNS or crypto) in STATE_MAIN_I1
002 "lt85_to_centre" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "lt85_to_centre" #11: STATE_MAIN_I2: sent MI2, expecting MR2
003 "lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I2
002 "lt85_to_centre" #11: I did not send a certificate because I do not have one.
003 "lt85_to_centre" #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
002 "lt85_to_centre" #11: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "lt85_to_centre" #11: STATE_MAIN_I3: sent MI3, expecting MR3
003 "lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I3
002 "lt85_to_centre" #11: Main mode peer ID is ID_IPV4_ADDR: '194.250.x.x'
002 "lt85_to_centre" #11: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "lt85_to_centre" #11: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
002 "lt85_to_centre" #12: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#11}
117 "lt85_to_centre" #12: STATE_QUICK_I1: initiate
002 "lt85_to_centre" #12: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
=====================================================================
IPsec SA established ?!

I made a test by sending a ping to 194.250.x.x.
A tcpdump shows the following (no ESP msg):

=====================================================================
[root@lt85 ~]# tcpdump host 194.250.x.x
19:48:37.441373 IP lt85.xxx.xxx > 194.250.x.x : ICMP echo request, id 1024, seq 55960, length 24
=====================================================================

Any help is appreciated.
Thanks a lot.

-- 
Didine 
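
An added example, not part of the original thread or of Openswan: Python that reads `ipsec auto --up` output (tolerating log lines that a mail client has wrapped) and, from the `NATD=` field of the "IPsec SA established" line, reports which tcpdump filter the tunnel's packets should match. The `NATT_LOG` line and the peer addresses are constructed, and treating any `NATD` value other than `none` as UDP 4500 encapsulation is an assumption.

```python
import re

STATUS = re.compile(r"^\d{3} ")  # pluto status lines start with a 3-digit code
SA = re.compile(r'"(?P<conn>[^"]+)" #\d+: STATE_QUICK_[IR]2: .*?IPsec SA established '
                r"\{ESP=>(?P<spi_out>0x[0-9a-f]+) <(?P<spi_in>0x[0-9a-f]+) (?P<attrs>[^}]*)\}")

# The two relevant lines from the post, wrapped the way e-mail wraps them.
PAGE_LOG = """\
003 "lt85_to_centre" #11: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
"""
# Constructed line (not from the post) for an SA negotiated with NAT-T.
NATT_LOG = ('004 "example" #2: STATE_QUICK_I2: sent QI2, IPsec SA established '
            "{ESP=>0x11111111 <0x22222222 xfrm=AES_128-HMAC_SHA1 NATD=192.0.2.10:4500 DPD=none}")

def unwrap(text):
    """Rejoin wrapped output so that each pluto message sits on one line."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if STATUS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line  # continuation of the previous message
    return out

def expected_capture(text, peer):
    """For each established IPsec SA, return the tcpdump filter its packets should match."""
    results = []
    for line in unwrap(text):
        m = SA.search(line)
        if not m:
            continue
        attrs = dict(kv.split("=", 1) for kv in m["attrs"].split() if "=" in kv)
        # Assumption: any NATD value other than "none" means UDP 4500 encapsulation.
        natt = attrs.get("NATD", "none") != "none"
        proto = "udp port 4500" if natt else "ip proto 50"
        results.append({"conn": m["conn"], "spi_out": m["spi_out"], "spi_in": m["spi_in"],
                        "encap": "udp-4500" if natt else "esp",
                        "filter": f"host {peer} and {proto}"})
    return results

if __name__ == "__main__":
    # Peer addresses are placeholders from the documentation range.
    for sample, peer in ((PAGE_LOG, "192.0.2.1"), (NATT_LOG, "192.0.2.10")):
        for sa in expected_capture(sample, peer):
            print(sa["conn"], sa["encap"], "->", "tcpdump -n", sa["filter"])
```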