[Openswan Users] Vigor2600 & Openswan 2.4.5rc5

Sat Feb 18 12:36:46 CET 2006

Hi All,

does anyone have some tips for the Draytek Vigor2600 (v2.5.5.3_I & 
v2.5.6_I) and
Openswan interop because I'm getting some strance behaviour. The 
tunnel stay up
for about one or two ours than I start to get error and the vigor2600 
doesn't reconnect :

Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: responding to Main Mode
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC 
is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC 
is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: only 
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute 
AKLEY_GROUP_DESCRIPTION
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: transition 
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R1: 
sent MR1, expecting MI2
Feb 18 00:08:47 vpn pluto[31374]: "vigor2600-vpn" #43: transition 
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 18 00:08:47 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R2: 
sent MR2, expecting MI3
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: Main mode peer 
ID is ID_IPV4_ADDR: '217.133.165.34'
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: I did not send 
a certificate because I do not have one.
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: transition 
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R3: 
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY 
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
..............
...............
Feb 18 07:48:00 vpn pluto[31374]: "vigor2600-vpn" #175: starting 
keying attempt 32 of an unlimited number
Feb 18 07:48:00 vpn pluto[31374]: "vigor2600-vpn" #179: initiating 
Main Mode to replace #175
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #176: max number of 
retransmissions (20) reached STATE_MAIN_I1.  No response (or no 
acceptable response) to our first IKE message
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #176: starting 
keying attempt 32 of an unlimited number
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #180: initiating 
Main Mode to replace #176

/etc/ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         # klipsdebug=none
         # plutodebug="control parsing"
         uniqueids=yes
         interfaces=%defaultroute
         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24,%v4:!192.168.10.0/24

# Add connections here
conn %default
         disablearrivalcheck=no
         authby=secret
         keyingtries=1
         keyexchange=ike
         auth=esp
         pfs=no

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn vigor2600-vpn
         left=k.x.y.z
         leftsubnet=192.168.13.0/24
         right=%defaultroute
         rightsubnet=192.168.1.0/24
         disablearrivalcheck=no
         auto=add
         authby=secret

Thanks in advance,

Roberto Fichera. 