[Openswan Users]: Solved: MAIN I1 and no proposal chosen

Michael Schwartzkopff misch at multinet.de
Sat Mar 11 15:34:36 CET 2006


Hi,

Sorry for having no subject on the previous mail.

I solved the problem described below. I had to add the line "ike=aes256" in my 
configuration.

On Saturday, 11 March 2006 15:12, Michael Schwartzkopff wrote:
> Hi,
>
> I have trouble establishing a VPN between my Linux FW and a Checkpoint FW.
>
> Situation:
> Ordinary Net-to-net connection. I have plenty of these already installed so
> I wonder what happened to this one. I do not have direct access to the
> Checkpoint now, but the problem is urgent.
>
> OpenSWAN: U2.2.0/K2.6.11.4-21.11-default (native) from SuSE 9.3
> Checkpoint NG R54 HFA417
>
> If I start the connection with "ipsec auto --up <connection>" I see two
> packets on the line with port 500. The answer is:
> muc3:~ # ipsec auto --up connection
> 104 "connection" #29: STATE_MAIN_I1: initiate
> 003 "connection" #29: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> 003 "connection" #29: received and ignored informational message
>
> Same in my logfiles.
>
> My configuration is:
> config setup
>         nat_traversal=yes
>         overridemtu=1400
>         virtual_private=%v4:192.168.188.1.0/24
>
> conn %default
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>
> conn connection
>         type=tunnel
>         auth=esp
>         authby=secret
>         pfs=no
>         left=a.b.c.104
>         leftsubnet=d.e.f.0/24
>         leftnexthop=a.b.c.97
>         right=g.h.i.1
>         rightnexthop=g.h.i.80
>         rightsubnet=j.k.l.0/8
>         auto=add
>
> Checkpoint config:
> AES and 3DES, MD5 and SHA1 enabled, no pfs.
>
> Any idea what might be wrong?

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
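
An added example, not part of the original post and not Openswan's own code: a small Python check that ties together the two facts in this thread. It scans `ipsec auto --up` output for NO_PROPOSAL_CHOSEN received while the SA is still in STATE_MAIN_I1 (the peer rejected the Phase 1 proposal) and reports whether that conn sets `ike=` explicitly. The sample log and config are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples: "connection" is rejected in Main Mode and has no ike= line.
SAMPLE_LOG = '''\
104 "connection" #29: STATE_MAIN_I1: initiate
003 "connection" #29: ignoring informational payload, type NO_PROPOSAL_CHOSEN
003 "connection" #29: received and ignored informational message
104 "other" #30: STATE_MAIN_I1: initiate
'''
SAMPLE_CONF = '''\
conn connection
        authby=secret
conn other
        authby=secret
        ike=aes256
'''
LINE = re.compile(r'^\d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')

def parse_conns(conf_text):
    """Map each conn name to its key=value options (hypothetical helper)."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop comments
        if line and not raw[0].isspace():            # non-indented line opens a section
            words = line.split()
            is_conn = len(words) == 2 and words[0] == 'conn'
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and '=' in line:    # indented option inside a conn
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip()
    return conns

def phase1_rejections(log_text):
    """Conns whose peer sent NO_PROPOSAL_CHOSEN while the SA was in STATE_MAIN_I1."""
    state, rejected = {}, set()
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        key = (m['conn'], m['sa'])
        st = re.match(r'(STATE_\w+):', m['msg'])
        if st:
            state[key] = st.group(1)                 # remember the latest state per SA
        elif 'NO_PROPOSAL_CHOSEN' in m['msg'] and state.get(key) == 'STATE_MAIN_I1':
            rejected.add(m['conn'])
    return rejected

def diagnose(log_text, conf_text):
    """For each Phase 1 rejection, give the effective ike= value (None if unset)."""
    conns = parse_conns(conf_text)
    base = conns.get('%default', {})                 # conn %default supplies defaults
    return {c: {**base, **conns.get(c, {})}.get('ike') for c in phase1_rejections(log_text)}
```

A `None` value for a conn means the peer rejected the default Phase 1 proposal and nothing in the config pins it, which is the situation the post resolved with an explicit `ike=` line.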