[Openswan Users]
Trouble with Checkpoint: NO_PROPOSAL_CHOSEN in MAIN I1
Michael Schwartzkopff
misch at multinet.de
Sat Mar 11 15:12:18 CET 2006
Hi,
I have trouble establishing a VPN between my Linux FW and a Checkpoint FW.
Situation:
Ordinary Net-to-net connection. I have plenty of these already installed so I
wonder what happened to this one. I do not have direct access to the
Checkpoint now, but the problem is urgent.
OpenSWAN: U2.2.0/K2.6.11.4-21.11-default (native) from SuSE 9.3
Checkpoint NG R54 HFA417
If I start the connection with "ipsec auto --up <connection>" I see two
packets on the line with port 500. The answer is:
muc3:~ # ipsec auto --up connection
104 "connection" #29: STATE_MAIN_I1: initiate
003 "connection" #29: ignoring informational payload, type NO_PROPOSAL_CHOSEN
003 "connection" #29: received and ignored informational message
Same in my logfiles.
My configuration is:
config setup
	nat_traversal=yes
	overridemtu=1400
	virtual_private=%v4:192.168.188.1.0/24

conn %default
	leftrsasigkey=%cert
	rightrsasigkey=%cert

conn conenction
	type=tunnel
	auth=esp
	authby=secret
	pfs=no
	left=a.b.c.104
	leftsubnet=d.e.f.0/24
	leftnexthop=a.b.c.97
	right=g.h.i.1
	rightnexthop=g.h.i.80
	rightsubnet=j.k.l.0/8
	auto=add
Checkpoint config:
AES and 3DES, MD5 and SHA1 enabled, no pfs.
Any idea what might be wrong?
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42