[Openswan Users] conn to ADSL router fails on Phase2

Santhan Perampalam perampalams at bhfshops.org.uk
Tue Oct 17 12:25:49 EDT 2006


Dear Openswan Gurus,

I have a Debian Sarge (kernel version 2.6.18) machine running Openswan
2.4.6 (klips).
I am trying to connect it to a Speedtouch 608WL ADSL router. The ST608WL
is in IPSEC VPN server mode as I would like to bring the tunnel up and
down from the Openswan end on demand. However, no matter what changes I
make at either end, the connection always fails (at Phase2, I believe)
with the following error on the ST608WL logs:

phase 1 SA established
-> initiator(1.2.3.4), responder(9.8.7.6)
-> src(9.8.7.6) dst(1.2.3.4)
9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE, responder, quick mode
=> no matching connection profile found for incoming quick mode
quick mode failed: no connection profile found peer
DefaultMain,initiator id(1.2.3.4), responder id(9.8.7.6)
9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE failed, responder, quick mode
9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE, responder, quick mode

[1.2.3.4 is openswan machine, 9.8.7.6 is the ST608WL router]

My conn parameters are:
left=1.2.3.4
right=9.8.7.6
rightsubnet=192.168.1.0/24
type=tunnel
auto=add
authby=secret
auth=esp
keylife=24h
ikelife=1h
pfs=no
ike=3des-md5-modp1024
esp=3des-md5

Openswan Auth.log says:
STATE_MAIN_I4: ISAKMP SA established ...
initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#5}
ignoring information payload, type NO_PROPOSAL_CHOSEN
received and ignored informational message
ignoring information payload, type NO_PROPOSAL_CHOSEN


I would be grateful for any suggestions,

Santhan



