[Openswan Users] conn to ADSL router fails on Phase2

Paul Wouters paul at xelerance.com
Tue Oct 17 21:38:18 EDT 2006


On Tue, 17 Oct 2006, Santhan Perampalam wrote:

> phase 1 SA established
> -> initiator(1.2.3.4), responder(9.8.7.6)
> -> src(9.8.7.6) dst(1.2.3.4)
> 9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE, responder, quick mode
> => no matching connection profile found for incoming quick mode
> quick mode failed: no connection profile found peer
> DefaultMain,initiator id(1.2.3.4), responder id(9.8.7.6)
> 9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE failed, responder, quick mode
> 9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE, responder, quick mode
>
> [1.2.3.4 is openswan machine, 9.8.7.6 is the ST608WL router]

Are you sure your ADSL router is configured to expect 192.168.1.0/24?

> My conn parameters are :
> left=1.2.3.4
> right=9.8.7.6
> rightsubnet=192.168.1.0/24

Because that is what you ask for,

> auto=add
> authby=secret
> auth=esp
> keylife=24h
> ikelife=1h
> pfs=no
> ike=3des-md5-modp1024
> esp=3des-md5

I'd remove the ike= and esp= lines to allow more flexibility, unless
you are absolutely sure the remote device only wants those.

> STATE_MAIN_I4: ISAKMP SA established ...
> initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#5}
> ignoring information payload, type NO_PROPOSAL_CHOSEN

It is a misconfiguration. Both ends do not agree.

Paul
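
Added example, not part of the original message and not Openswan code: a small triage script that reads the log lines quoted in this thread and reports whether negotiation stopped in Phase 1 or Phase 2, and which conn options to compare on both ends. The event names and the mapping from each message to ipsec.conf options are assumptions based on the reply above, and the sample logs are constructed from the quoted lines.

```python
import re

# Constructed samples: the Openswan-side and router-side lines quoted in the thread.
OPENSWAN_LOG = """\
STATE_MAIN_I4: ISAKMP SA established
initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#5}
ignoring information payload, type NO_PROPOSAL_CHOSEN
"""
ROUTER_LOG = """\
phase 1 SA established
9.8.7.6->1.2.3.4: [1/3] <- recv HASH|SA|NONCE, responder, quick mode
=> no matching connection profile found for incoming quick mode
"""

# (pattern, event) pairs; the event names are hypothetical labels for this example.
PATTERNS = [
    (re.compile(r"ISAKMP SA established|phase 1 SA established"), "P1_OK"),
    (re.compile(r"initiating Quick Mode|recv HASH\|SA\|NONCE, responder, quick mode"), "P2_START"),
    (re.compile(r"NO_PROPOSAL_CHOSEN"), "P2_REJECTED"),
    (re.compile(r"no matching connection profile found"), "P2_NO_PROFILE"),
    (re.compile(r"IPsec SA established"), "P2_OK"),
]

def events(log):
    """Return the ordered list of IKE events recognised in a log."""
    out = []
    for line in log.splitlines():
        for pat, name in PATTERNS:
            if pat.search(line):
                out.append(name)
                break
    return out

def triage(log):
    """Return (stage, conn options to compare on both peers)."""
    ev = events(log)
    if "P2_OK" in ev:
        return "ok", []
    if "P1_OK" not in ev:
        # Phase 1 never completed: compare the IKE-level settings first.
        return "phase1", ["authby", "ike", "ikelife"]
    if "P2_NO_PROFILE" in ev:
        # Responder found no profile for the proposed Quick Mode: check the subnets.
        return "phase2-selectors", ["leftsubnet", "rightsubnet"]
    if "P2_REJECTED" in ev:
        # Peer answered Quick Mode with NO_PROPOSAL_CHOSEN: subnets or ESP settings differ.
        return "phase2-proposal", ["leftsubnet", "rightsubnet", "esp", "pfs"]
    return "phase2-pending", []
```
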

