[Openswan Users] [NEWBIE] Help needed - Openswan 2.2 - Sarge 2.4.27 <-> Cisco Pix
Peter McGill
petermcgill at goco.net
Fri Nov 24 08:53:44 EST 2006
On Fri, 24 Nov 2006 Mathieu Chappuis wrote:
> Would you help me? I can't have a working tunnel using openswan 2.2
> talking to a Cisco Pix.
>
> My openswan router runs a Debian Sarge 2.4.27, Openswan IPsec
> U2.2.0/K2.4.27-1-386.
>
> packet from 81.4.5.6:500: ignoring informational payload, type
> NO_PROPOSAL_CHOSEN
>
> conn vpn
>     type=tunnel
>     left=213.1.2.3
>     leftsubnet=192.168.27.0/24 # Defined as DONALD on pix side.
>     right=81.4.5.6
>     rightsubnet=172.16.15.2/32
>     esp=3des-sha1-1024 #Also tried with 3des-sha1
>     keyexchange=ike
>     # keylife=1d
>     authby=secret
>     pfs=no #yes
>     auto=add
I've never used Cisco, so I can't comment on its setup, but this looks almost right.
I'd try putting this in your conn.
    ike=3des-sha1-modp1024
    esp=3des-sha1
Also, auto=add means the connection will not start until the Cisco requests it; if you
want Openswan to start the conn right away, you need to use auto=start.
Also, you're using a version that's a bit old, 2.2; I'd recommend getting a recent version.
If you're still not connecting, then send us your full log for that connection, which should be
less than a dozen or so lines, starting with something similar to this:
Nov 22 09:40:33 sheridan pluto[7376]: "stmarys-office-net-to-london-office-net" #1: initiating Main Mode
or
Nov 22 10:19:09 delenn pluto[26859]: "stmarys-office-server-to-london-office-server" #78: responding to Main Mode
Peter
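
Added example, not part of the original message and not Openswan code: a small check that parses an ipsec.conf-style conn and flags the three points raised in the reply (no ike= line, an esp= value with an extra suffix, auto=add). The names parse_conns and review are hypothetical, the sample is constructed from the quoted conn, and it assumes a single proposal per ike=/esp= line in the forms the reply suggests.

```python
import re

# Constructed sample: the conn from the quoted message, indented for ipsec.conf.
SAMPLE = """\
conn vpn
    type=tunnel
    left=213.1.2.3
    leftsubnet=192.168.27.0/24
    right=81.4.5.6
    rightsubnet=172.16.15.2/32
    esp=3des-sha1-1024
    keyexchange=ike
    authby=secret
    pfs=no #yes
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # another section type, e.g. config setup
    return conns

def review(conn):
    """Notes on one conn, using only the forms suggested in the reply above."""
    notes = []
    ike = conn.get("ike")
    if ike is None:
        notes.append("no ike= line; the reply suggests ike=3des-sha1-modp1024")
    elif not re.fullmatch(r"\w+-\w+-modp\d+", ike):
        notes.append(f"ike={ike}: not in cipher-hash-modpNNNN form")
    esp = conn.get("esp")
    if esp is not None and not re.fullmatch(r"\w+-\w+", esp):
        notes.append(f"esp={esp}: not in cipher-hash form (extra suffix?)")
    if conn.get("auto") == "add":
        notes.append("auto=add only waits for the peer; auto=start initiates")
    return notes
```

Running review(parse_conns(SAMPLE)["vpn"]) on the quoted conn returns all three notes; with the suggested ike=/esp= lines and auto=start it returns none.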