[Openswan Users] About the NO_PROPOSAL_CHOSEN errors

Oliver Schulze L. oliver at samera.com.py
Fri May 19 18:39:47 CEST 2006


Hi,
I'm connecting Openswan 2.4.0 on RH9 to a Cisco PIX.

This is the error log:
May 19 17:19:09 server04 pluto[9775]: "client1" #1: initiating Main Mode
May 19 17:19:10 server04 pluto[9775]: "client1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 19 17:19:10 server04 pluto[9775]: "client1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May 19 17:19:11 server04 pluto[9775]: "client1" #1: received Vendor ID payload [XAUTH]
May 19 17:19:11 server04 pluto[9775]: "client1" #1: received Vendor ID payload [Dead Peer Detection]
May 19 17:19:11 server04 pluto[9775]: "client1" #1: received Vendor ID payload [Cisco-Unity]
May 19 17:19:11 server04 pluto[9775]: "client1" #1: ignoring unknown Vendor ID payload [xx]
May 19 17:19:11 server04 pluto[9775]: "client1" #1: I did not send a certificate because I do not have one.
May 19 17:19:11 server04 pluto[9775]: "client1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 19 17:19:11 server04 pluto[9775]: "client1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May 19 17:19:12 server04 pluto[9775]: "client1" #1: Main mode peer ID is ID_IPV4_ADDR: 'xx.xx.xx.xx'
May 19 17:19:12 server04 pluto[9775]: "client1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 19 17:19:12 server04 pluto[9775]: "client1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
May 19 17:19:12 server04 pluto[9775]: "client1" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
May 19 17:19:12 server04 pluto[9775]: "client1" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May 19 17:19:12 server04 pluto[9775]: "client1" #1: received and ignored informational message
May 19 17:19:13 server04 pluto[9775]: "client1" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 19 17:19:13 server04 pluto[9775]: "client1" #1: received and ignored informational message
May 19 17:20:22 server04 pluto[9775]: "client1" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
May 19 17:20:22 server04 pluto[9775]: "client1" #2: starting keying attempt 2 of an unlimited number
May 19 17:20:22 server04 pluto[9775]: "client1" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #2 {using isakmp#1}

It seems that the encryption settings are different in Linux and in the 
Cisco router, is that correct?
I understand that the PSK and IKE phase are ok, is that correct?

Many Thanks
Oliver

-- 
Oliver Schulze L.
<oliver at samera.com.py>
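
Added example, not part of the original post and not Openswan code: a small triage script for pluto logs like the one above. It rejoins mail-wrapped log lines and reports whether the negotiation failed in phase 1 (Main Mode) or phase 2 (Quick Mode); the sample input is a constructed excerpt of the log above, and the function names are this example's own.

```python
import re

# Constructed sample: excerpt of the log in the post, hard-wrapped as in the archive.
SAMPLE = """\
May 19 17:19:12 server04 pluto[9775]: "client1" #1: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
May 19 17:19:13 server04 pluto[9775]: "client1" #1: ignoring
informational payload, type NO_PROPOSAL_CHOSEN
May 19 17:20:22 server04 pluto[9775]: "client1" #2: max number of
retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: (.*)')

def unwrap(text):
    """Rejoin wrapped continuation lines (no syslog timestamp) onto their entry."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Per connection name: phase 1 parameters, and where phase 2 stopped."""
    out = {}
    for m in filter(None, map(ENTRY.search, unwrap(text))):
        conn, msg = m.groups()
        st = out.setdefault(conn, {"phase1": None, "no_proposal": False, "stalled": None})
        if "ISAKMP SA established" in msg:
            # Phase 1 done: PSK authentication and the IKE proposal were accepted.
            st["phase1"] = dict(re.findall(r"(\w+)=(\w+)", msg))
        elif "NO_PROPOSAL_CHOSEN" in msg:
            # Logged on the ISAKMP SA (#1), not on #2, so key by connection name.
            st["no_proposal"] = True
        elif hit := re.search(r"retransmissions \(\d+\) reached (STATE_\w+)", msg):
            st["stalled"] = hit.group(1)
    return out

def verdict(st):
    if st["phase1"] is None:
        return "phase 1 (Main Mode) did not complete"
    if st["no_proposal"] or (st["stalled"] or "").startswith("STATE_QUICK"):
        return "phase 1 up; phase 2 (Quick Mode) proposal rejected by peer"
    return "no phase 2 failure seen"

print({c: verdict(s) for c, s in triage(SAMPLE).items()})
```

When the verdict points at phase 2, the settings to compare with the peer are the IPsec proposal ones, such as Openswan's esp= and pfs= options, rather than the PSK or the IKE policy.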


