[Openswan Users] Vigor2600 & Openswan 2.4.5rc5
Roberto Fichera
kernel at tekno-soft.it
Sat Feb 18 12:36:46 CET 2006
Hi All,
does anyone have some tips for the Draytek Vigor2600 (v2.5.5.3_I &
v2.5.6_I) and
Openswan interop because I'm getting some strance behaviour. The
tunnel stay up
for about one or two ours than I start to get error and the vigor2600
doesn't reconnect :
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: responding to Main Mode
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC
is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC
is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: only
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute
AKLEY_GROUP_DESCRIPTION
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R1:
sent MR1, expecting MI2
Feb 18 00:08:47 vpn pluto[31374]: "vigor2600-vpn" #43: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 18 00:08:47 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R2:
sent MR2, expecting MI3
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: Main mode peer
ID is ID_IPV4_ADDR: '217.133.165.34'
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: I did not send
a certificate because I do not have one.
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 18 00:08:48 vpn pluto[31374]: "vigor2600-vpn" #43: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
..............
...............
Feb 18 07:48:00 vpn pluto[31374]: "vigor2600-vpn" #175: starting
keying attempt 32 of an unlimited number
Feb 18 07:48:00 vpn pluto[31374]: "vigor2600-vpn" #179: initiating
Main Mode to replace #175
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #176: max number of
retransmissions (20) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #176: starting
keying attempt 32 of an unlimited number
Feb 18 07:52:28 vpn pluto[31374]: "vigor2600-vpn" #180: initiating
Main Mode to replace #176
/etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
uniqueids=yes
interfaces=%defaultroute
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24,%v4:!192.168.10.0/24
# Add connections here
conn %default
disablearrivalcheck=no
authby=secret
keyingtries=1
keyexchange=ike
auth=esp
pfs=no
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
conn vigor2600-vpn
left=k.x.y.z
leftsubnet=192.168.13.0/24
right=%defaultroute
rightsubnet=192.168.1.0/24
disablearrivalcheck=no
auto=add
authby=secret
Thanks in advance,
Roberto Fichera.
More information about the Users
mailing list