[Openswan Users] Ike Mode Config and virtual IP
Marco Berizzi
pupilla at hotmail.com
Wed Feb 8 12:44:53 CET 2006
Andreas Steffen wrote:
>The NCP Secure Entry Client works perfectly with
>strongSswan as IKE Mode Config server.
>
> http://www.ncp.de/english/home/index.html
Hi Andreas,
thanks for the reply. I did try NCP: it's working with
strongSswan ;-))
Just for record: the same ipsec.conf with OSW 2.4.5rc4
doesn't work with NCP. Here is ipsec.conf and log:
conn IMCFG
left=%any
leftid=10.1.2.1
leftsourceip=172.31.254.55
right=10.1.2.10
rightid=10.1.2.10
rightsubnet=172.16.1.0/24
authby=secret
auto=add
pfs=yes
compress=yes
leftrsasigkey=none
rightrsasigkey=none
keyingtries=0
rightupdown=/usr/local/lib/ipsec/_updown_x509
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: ignoring
unknown Vendor ID payload [da8e937880010000]
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [XAUTH]
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port
floating is off
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port
floating is off
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: ignoring
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [RFC 3947] meth=109, but port floating is off
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [Dead Peer Detection]
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: ignoring
unknown Vendor ID payload [eb4c1b788afd4a9cb7730a68d56d088b]
Feb 8 11:36:58 Calimero pluto[7788]: packet from 10.1.2.1:500: received
Vendor ID payload [Cisco-Unity]
Feb 8 11:36:58 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: responding to
Main Mode from unknown peer 10.1.2.1
Feb 8 11:36:58 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 8 11:36:58 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: STATE_MAIN_R1:
sent MR1, expecting MI2
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: STATE_MAIN_R2:
sent MR2, expecting MI3
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: Main mode peer
ID is ID_IPV4_ADDR: '10.1.2.1'
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: I did not send
a certificate because I do not have one.
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Feb 8 11:36:59 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: received
MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client
Feb 8 11:37:08 Calimero last message repeated 3 times
Feb 8 11:37:11 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1 #1: received
Delete SA payload: deleting ISAKMP State #1
Feb 8 11:37:11 Calimero pluto[7788]: "IMCFG"[1] 10.1.2.1: deleting
connection "IMCFG" instance with peer 10.1.2.1 {isakmp=#0/ipsec=#0}
Feb 8 11:37:11 Calimero pluto[7788]: packet from 10.1.2.1:500: received and
ignored informational message
More information about the Users
mailing list