[Openswan Users] Please help me to identify problem...

utkarsh shah utkarsh at elitecore.com
Tue Feb 7 10:30:59 CET 2006


Hi,

    want ur help to identify a problem and some hint towards solution ??

    i want to establish a roadwarrior connection using presharedkey in aggressive mode. use openswan 2.4.2 and greenbow 2.51 as client

    network diagram

    LAN----------------[ VPN Server ]----------------------[ Router ]-----------------------[ Roadwarrior ]

    configuration is :
        ipsec.conf
         version 2
  config setup
          interfaces="ipsec0=eth1 "
          klipsdebug=none
          plutodebug="none"
          uniqueids=yes
          nat_traversal=yes
          crlcheckinterval=3600


  conn %default
          leftupdown=/usr/lib/ipsec/_updown
          rightupdown=/usr/lib/ipsec/_updown

  conn test_conn
          type=tunnel
          left=142.7.7.1
          leftsubnet=160.7.7.0/24
          leftnexthop=142.7.7.254
          right=%any
          authby=secret
          auto=add
          keylife=3600
          rekey=no
          rekeymargin=120
          rekeyfuzz=0%
          keyingtries=3
          compress=no
          failureshunt=drop
          dpddelay=30
          dpdtimeout=120
          dpdaction=clear
          ikelifetime=3600
          pfs=no
          aggrmode=yes
          ike="3DES-MD5-modp1536,3DES-SHA1-modp1536,AES128-SHA1-modp1536"
          esp="3DES-MD5,3DES-SHA1,AES128-SHA1"


  ipsec.secrets
    142.7.7.1 %any : PSK "presharedkey"

  /var/log/secure
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 
    Feb 07 10:37:28 1139288848 pluto[21650]: "test_conn"[1] 151.7.7.131 #1: Aggressive mode peer ID is ID_IPV4_ADDR: '0.0.0.0'
    Feb 07 10:37:28 1139288848 pluto[21650]: "test_conn"[2] 151.7.7.131 #1: deleting connection "test_conn" instance with peer 151.7.7.131 {isakmp=#0/ipsec=#0}
    Feb 07 10:37:28 1139288848 pluto[21650]: "test_conn"[2] 151.7.7.131 #1: responding to Aggressive Mode, state #1, connection "test_conn" from 151.7.7.131
    Feb 07 10:37:28 1139288848 pluto[21650]: "test_conn"[2] 151.7.7.131 #1: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
    Feb 07 10:37:28 1139288848 pluto[21650]: "test_conn"[2] 151.7.7.131 #1: STATE_AGGR_R1: sent AR1, expecting AI2
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: ignoring informational payload, type UNEQUAL_PAYLOAD_LENGTHS
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: received and ignored informational message
    Feb 07 10:37:28 1139288848 pluto[21650]: packet from 151.7.7.131:500: received and ignored informational message
    Feb 07 10:37:38 1139288858 pluto[21650]: packet from 151.7.7.131:500: ignoring informational payload, type INVALID_COOKIE
    Feb 07 10:37:38 1139288858 pluto[21650]: packet from 151.7.7.131:500: received and ignored informational message
    Feb 07 10:37:58 1139288878 pluto[21650]: packet from 151.7.7.131:500: ignoring informational payload, type INVALID_COOKIE
    Feb 07 10:37:58 1139288878 pluto[21650]: packet from 151.7.7.131:500: received and ignored informational message
    Thanks.. 

Regards,

Utkarsh Shah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060207/a0d0a3b9/attachment-0001.htm


More information about the Users mailing list