[Openswan Users] vpn connection to a LANCOM router

Paul Wouters paul at xelerance.com
Sat Jan 7 23:22:06 CET 2006

On Sat, 7 Jan 2006, Andreas Lüdtke wrote:

> I'm trying now for a week to get a vpn connection from my Linksys router
> running openWRT (with Openswan 2.4.4) to our company LANCOM router. I
> already search the web and the openWRT forum, but I didn't got an answer for
> my problem. I also talked long to a support technician at LANCOM and he told
> me that everything looks good and it should work... But he is not a linux
> guru. So now I try it here and hope for answers.
> To put it short: when I try to make the connection, I get either the error
> messages NO_PROPOSAL_CHOSEN or INVALID_COOKIE or the connection goes to

invalid_cookie usually comes from the fact that one end restarted and the
other did not. A lot of router/firewlal/ipsec boxes do not restart phase 1
if you change the configuration, so reboot those machines to make sure you
are using a real new phase 1 (or issue a ipsec auto --delete connname to
for the deletion, but the remote unit might instantly start again)

> STATE_MAIN_I4 and tell me then "phase 1 is done, looking for phase 1 to
> unpend" and then then next connection is tried. The error messages depend as
> far as I can see it on the setting of pfs=yes/no in ipsec.conf.
> Could someone please help me to get it working?

Your logs did not show the real error. Can you try again from a fresh state?
And please use plutodebug=none.


More information about the Users mailing list