[Openswan Users] Zyxel Authentication problem
sila
sila at network-city.it
Mon Feb 20 11:39:30 CET 2006
Hello, I have tried to create a tunnel openswan <--> zyxel router.
I have used a configuration from the Openswan site
http://wiki.openswan.org/index.php/interoperatingZyxel.
When the zyxel tries to connect I see this in the log:
Feb 20 11:18:41 Vpn ipsec_setup: ...Openswan IPsec stopped
Feb 20 11:18:41 Vpn ipsec_setup: Stopping Openswan IPsec...
Feb 20 11:18:43 Vpn ipsec_setup: KLIPS debug `none'
Feb 20 11:18:44 Vpn kernel:
Feb 20 11:18:44 Vpn ipsec_setup: KLIPS ipsec0 on eth1 81.174.16.70/255.255.255.248 broadcast 81.174.16.71
Feb 20 11:18:44 Vpn ipsec__plutorun: Starting Pluto subsystem...
Feb 20 11:18:44 Vpn ipsec_setup: ...Openswan IPsec started
Feb 20 11:18:44 Vpn ipsec_setup: Starting Openswan IPsec 2.4.5rc5...
Feb 20 11:18:44 Vpn pluto[4153]: Starting Pluto (Openswan Version 2.4.5rc5 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEi at vORSfbbz)
Feb 20 11:18:44 Vpn pluto[4153]: Setting NAT-Traversal port-4500 floating to off
Feb 20 11:18:44 Vpn pluto[4153]: port floating activation criteria nat_t=0/port_fload=1
Feb 20 11:18:44 Vpn pluto[4153]: including NAT-Traversal patch (Version 0.6c) [disabled]
Feb 20 11:18:44 Vpn pluto[4153]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 20 11:18:44 Vpn pluto[4153]: starting up 1 cryptographic helpers
Feb 20 11:18:44 Vpn pluto[4153]: started helper pid=4154 (fd:6)
Feb 20 11:18:44 Vpn pluto[4153]: Using KLIPS IPsec interface code on 2.4.31
Feb 20 11:18:44 Vpn pluto[4153]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 20 11:18:44 Vpn pluto[4153]: Changing to directory '/etc/ipsec.d/aacerts'
Feb 20 11:18:44 Vpn pluto[4153]: Changing to directory '/etc/ipsec.d/ocspcerts'
Feb 20 11:18:44 Vpn pluto[4153]: Changing to directory '/etc/ipsec.d/crls'
Feb 20 11:18:44 Vpn pluto[4153]: Warning: empty directory
Feb 20 11:18:44 Vpn pluto[4153]: added connection description "medimatica-zyxel"
Feb 20 11:18:44 Vpn pluto[4153]: added connection description "medimatica-winxp"
Feb 20 11:18:44 Vpn pluto[4153]: listening for IKE messages
Feb 20 11:18:44 Vpn pluto[4153]: adding interface ipsec0/eth1 81.174.16.70:500
Feb 20 11:18:44 Vpn pluto[4153]: loading secrets from "/etc/ipsec.secrets"
Feb 20 11:19:15 Vpn pluto[4153]: packet from 82.49.3.138:500: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
Feb 20 11:19:15 Vpn pluto[4153]: "medimatica-zyxel"[1] 82.49.3.138 #1: responding to Main Mode from unknown peer 82.49.3.138
Feb 20 11:19:15 Vpn pluto[4153]: "medimatica-zyxel"[1] 82.49.3.138 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 20 11:19:15 Vpn pluto[4153]: "medimatica-zyxel"[1] 82.49.3.138 #1: no acceptable Oakley Transform
Feb 20 11:19:15 Vpn pluto[4153]: "medimatica-zyxel"[1] 82.49.3.138 #1: sending notification NO_PROPOSAL_CHOSEN to 82.49.3.138:500
Feb 20 11:19:15 Vpn pluto[4153]: "medimatica-zyxel"[1] 82.49.3.138: deleting connection "medimatica-zyxel" instance with peer 82.49.3.138 {isakmp=#0/ipsec=#0}
Feb 20 11:19:19 Vpn pluto[4153]: packet from 82.49.3.138:500: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
Feb 20 11:19:19 Vpn pluto[4153]: "medimatica-zyxel"[2] 82.49.3.138 #2: responding to Main Mode from unknown peer 82.49.3.138
Feb 20 11:19:19 Vpn pluto[4153]: "medimatica-zyxel"[2] 82.49.3.138 #2: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 20 11:19:19 Vpn pluto[4153]: "medimatica-zyxel"[2] 82.49.3.138 #2: no acceptable Oakley Transform
Feb 20 11:19:19 Vpn pluto[4153]: "medimatica-zyxel"[2] 82.49.3.138 #2: sending notification NO_PROPOSAL_CHOSEN to 82.49.3.138:500
Feb 20 11:19:19 Vpn pluto[4153]: "medimatica-zyxel"[2] 82.49.3.138: deleting connection "medimatica-zyxel" instance with peer 82.49.3.138 {isakmp=#0/ipsec=#0}
Feb 20 11:19:27 Vpn pluto[4153]: packet from 82.49.3.138:500: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
Feb 20 11:19:27 Vpn pluto[4153]: "medimatica-zyxel"[3] 82.49.3.138 #3: responding to Main Mode from unknown peer 82.49.3.138
Feb 20 11:19:27 Vpn pluto[4153]: "medimatica-zyxel"[3] 82.49.3.138 #3: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 20 11:19:27 Vpn pluto[4153]: "medimatica-zyxel"[3] 82.49.3.138 #3: no acceptable Oakley Transform
Feb 20 11:19:27 Vpn pluto[4153]: "medimatica-zyxel"[3] 82.49.3.138 #3: sending notification NO_PROPOSAL_CHOSEN to 82.49.3.138:500
Feb 20 11:19:27 Vpn pluto[4153]: "medimatica-zyxel"[3] 82.49.3.138: deleting connection "medimatica-zyxel" instance with peer 82.49.3.138 {isakmp=#0/ipsec=#0}
Feb 20 11:19:43 Vpn pluto[4153]: packet from 82.49.3.138:500: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
Feb 20 11:19:43 Vpn pluto[4153]: "medimatica-zyxel"[4] 82.49.3.138 #4: responding to Main Mode from unknown peer 82.49.3.138
Feb 20 11:19:43 Vpn pluto[4153]: "medimatica-zyxel"[4] 82.49.3.138 #4: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 20 11:19:43 Vpn pluto[4153]: "medimatica-zyxel"[4] 82.49.3.138 #4: no acceptable Oakley Transform
Feb 20 11:19:43 Vpn pluto[4153]: "medimatica-zyxel"[4] 82.49.3.138 #4: sending notification NO_PROPOSAL_CHOSEN to 82.49.3.138:500
Feb 20 11:19:43 Vpn pluto[4153]: "medimatica-zyxel"[4] 82.49.3.138: deleting connection "medimatica-zyxel" instance with peer 82.49.3.138 {isakmp=#0/ipsec=#0}
My ipsec.conf is:

version 2.0

config setup
        interfaces=%defaultroute
        forwardcontrol=yes
        klipsdebug=none
        plutodebug=none
        nat_traversal=no
        fragicmp=no

conn medimatica-winxp
        authby=secret
        disablearrivalcheck=no
        pfs=no
        left=XX.XX.XX.XX
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        compress=yes
        auto=add

conn medimatica-zyxel
        authby=secret
        pfs=no
        left=XX.XX.XX.XX
        leftsubnet=192.168.0.0/24
        right=%any
        rightsubnet=192.168.1.0/24
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        # compress=no
        auto=add

conn OEself
        auto=ignore

conn clear
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn block
        auto=ignore

conn packetdefault
        auto=ignore

When in the zyxel I change the type of connection from ike to manual
I have 2 keys, one key in authentication for sha1 and a preshared key
for 3des. Why?
Thanks to all :D
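
Added example, not part of the original post and not Openswan code: in the log above, every attempt ends with pluto reporting that only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 are supported for the OAKLEY_GROUP_DESCRIPTION attribute, followed by NO_PROPOSAL_CHOSEN. The Python sketch below groups pluto lines by IKE state and reports that cause per peer; the sample log, the connection name "demo-zyxel" and the 192.0.2.x peers are constructed, and the "ISAKMP SA established" line is an assumption about how a completed Main Mode is logged.

```python
import re

# Constructed sample in the style of the pluto output above (lines unwrapped).
# "demo-zyxel" and the 192.0.2.x peers are made-up values, not from the post.
SAMPLE_LOG = '''\
Feb 20 11:19:15 Vpn pluto[4153]: "demo-zyxel"[1] 192.0.2.10 #1: responding to Main Mode from unknown peer 192.0.2.10
Feb 20 11:19:15 Vpn pluto[4153]: "demo-zyxel"[1] 192.0.2.10 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 20 11:19:15 Vpn pluto[4153]: "demo-zyxel"[1] 192.0.2.10 #1: no acceptable Oakley Transform
Feb 20 11:19:15 Vpn pluto[4153]: "demo-zyxel"[1] 192.0.2.10 #1: sending notification NO_PROPOSAL_CHOSEN to 192.0.2.10:500
Feb 20 11:19:15 Vpn pluto[4153]: "demo-zyxel"[1] 192.0.2.10: deleting connection "demo-zyxel" instance with peer 192.0.2.10 {isakmp=#0/ipsec=#0}
Feb 20 11:20:02 Vpn pluto[4153]: "demo-zyxel"[2] 192.0.2.20 #2: responding to Main Mode from unknown peer 192.0.2.20
Feb 20 11:20:03 Vpn pluto[4153]: "demo-zyxel"[2] 192.0.2.20 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established
'''

# "conn"[instance] peer #state: message  (the "#state" part is absent on some lines)
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+?)'
                  r'(?: #(?P<state>\d+))?: (?P<msg>.*)')

def diagnose(log_text):
    """Map (conn, peer, state number) -> verdict for every IKE state in the log."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["state"] is None:
            continue  # not a per-state pluto line
        info = seen.setdefault((m["conn"], m["peer"], int(m["state"])),
                               {"groups": [], "rejected": False, "up": False})
        msg = m["msg"]
        if "OAKLEY_GROUP_DESCRIPTION" in msg:
            # pluto lists the DH groups it would have accepted
            info["groups"] = re.findall(r"OAKLEY_GROUP_(MODP\d+)", msg)
        info["rejected"] |= "NO_PROPOSAL_CHOSEN" in msg
        info["up"] |= "ISAKMP SA established" in msg
    verdicts = {}
    for key, info in seen.items():
        if info["up"]:
            verdicts[key] = "phase 1 established"
        elif info["rejected"] and info["groups"]:
            verdicts[key] = "phase 1 rejected: DH group not in " + "/".join(info["groups"])
        elif info["rejected"]:
            verdicts[key] = "phase 1 rejected: no acceptable proposal"
        else:
            verdicts[key] = "incomplete"
    return verdicts

if __name__ == "__main__":
    for (conn, peer, state), verdict in diagnose(SAMPLE_LOG).items():
        print(f"{conn} {peer} #{state}: {verdict}")
```
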