[Openswan Users] I can´t stablished the conection!?

Fabio Ferreira fabio.ferreira at markway.com.br
Tue Nov 28 13:37:52 EST 2006


Dear,

 

I have an fedora core 5 with OpensWan 2.4.4. I have an IPTABLES Firewall with Ipsec/Openswan on my server.

My other end is a station Windows XP with SP2 (dial-up conection)and Lynsys Ipsectool. I read the book OpensWan by Paul and i´m trying to stablished the conection with my network.  At the Lynsys Tool appears that connection "ipsec tool active", but I can´t ping or access my netowork.

Please help me!

Please see my log.

 

 

Ipsec whack -status

 

000 "roadwarrior_jackson": 192.168.1.0/24===200.150.147.244[C=BR, ST=RJ, L=RJ, O=markway, CN=jackson, E=jackson.schemes at markway.com.br]---200.150.147.241...%any; unrouted; eroute owner: #0

000 "roadwarrior_jackson":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;

000 "roadwarrior_jackson":   CAs: 'C=BR, ST=RJ, O=markway, CN=CA, E=fabio.ferreira at markway.com.br'...'%any'

000 "roadwarrior_jackson":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1

000 "roadwarrior_jackson":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 24,32; interface: eth0;

000 "roadwarrior_jackson":   newest ISAKMP SA: #0; newest IPsec SA: #0;

000 "roadwarrior_jackson"[21]: 192.168.1.0/24===200.150.147.244[C=BR, ST=RJ, L=RJ, O=markway, CN=jackson, E=jackson.schemes at markway.com.br]---200.150.147.241...201.5.9.49; unrouted; eroute owner: #0

000 "roadwarrior_jackson"[21]:     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;

000 "roadwarrior_jackson"[21]:   CAs: 'C=BR, ST=RJ, O=markway, CN=CA, E=fabio.ferreira at markway.com.br'...'%any'

000 "roadwarrior_jackson"[21]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1

000 "roadwarrior_jackson"[21]:   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 24,32; interface: eth0;

000 "roadwarrior_jackson"[21]:   newest ISAKMP SA: #0; newest IPsec SA: #0;

000

000 #36: "roadwarrior_jackson"[21] 201.5.9.49:500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 19s; nodpd

000

 

[root at frwmarkway frw]# tail -f /var/log/secure

Nov 28 15:22:40 frwmarkway pluto[26422]: packet from 201.5.9.49:500: ignoring Vendor ID payload [Vid-Initial-Contact]

Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: responding to Main Mode from unknown peer 201.5.9.49

Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: STATE_MAIN_R1: sent MR1, expecting MI2

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: STATE_MAIN_R2: sent MR2, expecting MI3

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: byte 2 of ISAKMP Hash Payload must be zero, but is not

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: malformed payload in packet

Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: sending notification PAYLOAD_MALFORMED to 201.5.9.49:500

 

 

Thanks,

 

Fabio.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061128/3a1a7541/attachment.html 


More information about the Users mailing list