[Openswan Users] I can´t stablished the conection!?
Fabio Ferreira
fabio.ferreira at markway.com.br
Wed Nov 29 07:04:15 EST 2006
Hi!
I have an fedora core 5 with OpensWan 2.4.4. I have an IPTABLES Firewall with Ipsec/Openswan on my server.
My other end is a station Windows XP with SP2 (dial-up conection)and Lynsys Ipsectool. I read the book OpensWan by Paul and i´m trying to stablished the conection with my network. At the Lynsys Tool appears that connection "ipsec tool active", but I can´t ping or access my netowork.
Please help me!
Please see my log.
Ipsec whack -status
000 "roadwarrior_jackson": 192.168.1.0/24===200.150.147.244[C=BR, ST=RJ, L=RJ, O=markway, CN=jackson, E=jackson.schemes at markway.com.br]---200.150.147.241...%any; unrouted; eroute owner: #0
000 "roadwarrior_jackson": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "roadwarrior_jackson": CAs: 'C=BR, ST=RJ, O=markway, CN=CA, E=fabio.ferreira at markway.com.br'...'%any'
000 "roadwarrior_jackson": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior_jackson": policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 24,32; interface: eth0;
000 "roadwarrior_jackson": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "roadwarrior_jackson"[21]: 192.168.1.0/24===200.150.147.244[C=BR, ST=RJ, L=RJ, O=markway, CN=jackson, E=jackson.schemes at markway.com.br]---200.150.147.241...201.5.9.49; unrouted; eroute owner: #0
000 "roadwarrior_jackson"[21]: srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "roadwarrior_jackson"[21]: CAs: 'C=BR, ST=RJ, O=markway, CN=CA, E=fabio.ferreira at markway.com.br'...'%any'
000 "roadwarrior_jackson"[21]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior_jackson"[21]: policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 24,32; interface: eth0;
000 "roadwarrior_jackson"[21]: newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #36: "roadwarrior_jackson"[21] 201.5.9.49:500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 19s; nodpd
000
[root at frwmarkway frw]# tail -f /var/log/secure
Nov 28 15:22:40 frwmarkway pluto[26422]: packet from 201.5.9.49:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: responding to Main Mode from unknown peer 201.5.9.49
Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 28 15:22:40 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #42: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: byte 2 of ISAKMP Hash Payload must be zero, but is not
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: malformed payload in packet
Nov 28 15:22:41 frwmarkway pluto[26422]: "roadwarrior_jackson"[23] 201.5.9.49 #40: sending notification PAYLOAD_MALFORMED to 201.5.9.49:500
Thanks,
Fabio.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061129/6753a662/attachment.html
More information about the Users
mailing list