[Openswan Users] Vigor2600 & Openswan 2.4.5rc5
Roberto Fichera
kernel at tekno-soft.it
Mon Feb 20 18:58:06 CET 2006
At 10.14 20/02/2006, Roberto Fichera wrote:
>At 20.29 19/02/2006, Paul Wouters wrote:
>
> >On Sat, 18 Feb 2006, Roberto Fichera wrote:
> >
> >> does anyone have some tips for the Draytek Vigor2600 (v2.5.5.3_I & v2.5.6_I)
> >> and Openswan interop because I'm getting some strange behaviour. The tunnel
> >> stays up for about one or two hours, then I start to get errors and the
> >> vigor2600 doesn't reconnect:
> >>
> >> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: responding to Main Mode
> >> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> >> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> >> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute AKLEY_GROUP_DESCRIPTION
> >
> >Change the IKE option in the "advanced" popup to not use 1DES. What is
> >happening is that openswan as initiator works fine, but when the Vigor
> >turns to become the initiator at next rekey, it fails because it is
> >announcing 1DES instead of 3DES or AES?
>
>Ok! I'll try it!
I tried the configuration you suggested, but the problem is still there :-(!
On the Vigor side I changed:

  Call direction: both
  Idle timeout: 3600 (secs)
  IPSec security method:
    High(ESP): 3DES with Authentication
  Advanced menu:
    IKE phase 1 proposal: 3DES_MD5_G2
    IKE phase 1 key lifetime: 28800 (default)
    IKE phase 2 key lifetime: 3600 (default)

On /etc/ipsec.conf I basically tried auto=add and auto=start (current config),
but the tunnel isn't rekeyed correctly.

Could you tell me what's the best configuration for the vigor2600?
Is it preferred for the vigor2600 to be the initiator, with auto=add set on
Openswan, or must Openswan be the initiator?
>
> >
> >Paul
>
>Roberto Fichera.
>
Roberto Fichera.
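
A small triage script for the pluto messages quoted in this thread, as an added example that is not part of the original post or of Openswan: it groups refused IKE phase 1 attributes by connection and state number and records whether the peer initiated the exchange. The sample log is constructed from the lines quoted above, and `triage` and `report` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on the pluto lines quoted in the thread.
SAMPLE_LOG = """\
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: responding to Main Mode
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
"""

# pluto prefixes each message with the connection name and the state number.
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
REFUSED = re.compile(r'(?P<value>\S+) is not supported\.\s+Attribute (?P<attr>\S+)')
GROUP = re.compile(r'only (?P<allowed>.+?) supported\.\s+Attribute (?P<attr>\S+)')


def triage(log_text):
    """Map (connection, state) -> responder flag and refused attribute values."""
    states = defaultdict(lambda: {"responder": False, "refused": defaultdict(set)})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto message
        entry = states[(m["conn"], int(m["state"]))]
        msg = m["msg"]
        if msg.startswith("responding to Main Mode"):
            entry["responder"] = True  # the remote peer started this exchange
        elif (r := REFUSED.search(msg)):
            entry["refused"][r["attr"]].add(r["value"])
        elif (g := GROUP.search(msg)):
            entry["refused"][g["attr"]].add("outside allowed set (%s)" % g["allowed"])
    return states


def report(states):
    """One summary line per refused attribute; repeated log lines collapse."""
    out = []
    for (conn, state), entry in sorted(states.items()):
        who = "peer-initiated" if entry["responder"] else "locally initiated"
        for attr, values in sorted(entry["refused"].items()):
            out.append(f'{conn} #{state} ({who}): {attr} refused: {", ".join(sorted(values))}')
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```
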