[Openswan Users] Openswan issues

Kenneth Bergholm kenneth.bergholm at tidax.se
Wed Apr 18 02:15:03 EDT 2007


Hi!

 

I'm having big problems with Openswan and vpn access against two different
offices.

One new office has a Watchguard firewall (I'm using PSK for this connection)
and it works fine, no problems to bring up

The Vpn tunnel. The other office has a Linux firewall with Stronswan Ipsec
(using certificates).

Our current firewall at our office are running Freeswan 1.99 and works fine
against the Strongswan ipsec firewall.

The thing is that I wan't to change firewall to the new one with Openswan
and get I to work both against office 1 and office 2.

When I got the watchguard tunnel to work, I added the configuration from the
old firewall (1.99) to new Openswans firewalls ipsec.conf.

I also copied the certificates and edited the ipsec.secrets to be correct...
But I don't get it to work!!!

 

Anyone has a clue on what I'm doing wrong!!!

 

Here is a output from Ipsec barf:

 

Apr 18 07:17:36 tidaxIpcop ipsec_setup: ...Openswan IPsec started

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_CAST_CBC: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: ike_alg_register_enc(): Activating
OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: Changing to directory
'/etc/ipsec.d/cacerts'

Apr 18 07:17:36 tidaxIpcop pluto[2818]:   loaded cacert file 'caCert.pem'
(1460 bytes)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: Changing to directory
'/etc/ipsec.d/crls'

Apr 18 07:17:36 tidaxIpcop pluto[2818]:   loaded crl file 'cacrl.pem' (682
bytes)

Apr 18 07:17:36 tidaxIpcop pluto[2818]: crl issuer cacert not found

Apr 18 07:17:36 tidaxIpcop pluto[2818]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found

Apr 18 07:17:37 tidaxIpcop pluto[2818]: | from whack: got --esp=3des

Apr 18 07:17:37 tidaxIpcop pluto[2818]: | from whack: got --ike=3des

Apr 18 07:17:37 tidaxIpcop pluto[2818]:   loaded host cert file
'/etc/ipsec.d/fw1.tidax.se.pem' (1346 bytes)

Apr 18 07:17:37 tidaxIpcop pluto[2818]:   loaded host cert file
'/etc/ipsec.d/fw3.tidax.se.pem' (1346 bytes)

Apr 18 07:17:37 tidaxIpcop pluto[2818]: added connection description
"fw-fw3"

Apr 18 07:17:37 tidaxIpcop pluto[2818]: listening for IKE messages

Apr 18 07:17:37 tidaxIpcop pluto[2818]: adding interface ipsec0/eth1
195.178.169.130

Apr 18 07:17:37 tidaxIpcop pluto[2818]: adding interface ipsec0/eth1
195.178.169.130:4500

Apr 18 07:17:37 tidaxIpcop pluto[2818]: loading secrets from
"/etc/ipsec.secrets"

Apr 18 07:17:37 tidaxIpcop pluto[2818]:   loaded private key file
'/etc/ipsec.d/private/fw1Key.pem' (963 bytes)

Apr 18 07:17:37 tidaxIpcop pluto[2818]: "fw-fw3" #1: initiating Main Mode

Apr 18 07:17:37 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:17:37 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:17:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:17:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:18:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:18:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:18:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:18:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:19:19 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:19:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:19:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:19:29 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:19:49 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:20:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:20:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:20:29 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:20:39 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:20:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:20:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:20:59 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
Quick Mode message is for a non-existent (expired?) ISAKMP SA

Apr 18 07:21:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:21:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:21:32 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:21:32 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:21:32 tidaxIpcop pluto[2818]: "fw-fw3" #2: responding to Main Mode

Apr 18 07:21:32 tidaxIpcop pluto[2818]: "fw-fw3" #2: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:21:32 tidaxIpcop pluto[2818]: "fw-fw3" #2: no acceptable Oakley
Transform

Apr 18 07:21:32 tidaxIpcop pluto[2818]: "fw-fw3" #2: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:21:42 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:21:42 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:21:42 tidaxIpcop pluto[2818]: "fw-fw3" #3: responding to Main Mode

Apr 18 07:21:42 tidaxIpcop pluto[2818]: "fw-fw3" #3: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:21:42 tidaxIpcop pluto[2818]: "fw-fw3" #3: no acceptable Oakley
Transform

Apr 18 07:21:42 tidaxIpcop pluto[2818]: "fw-fw3" #3: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:22:02 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:22:02 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:22:02 tidaxIpcop pluto[2818]: "fw-fw3" #4: responding to Main Mode

Apr 18 07:22:02 tidaxIpcop pluto[2818]: "fw-fw3" #4: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:22:02 tidaxIpcop pluto[2818]: "fw-fw3" #4: no acceptable Oakley
Transform

Apr 18 07:22:02 tidaxIpcop pluto[2818]: "fw-fw3" #4: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:22:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:22:07 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:22:42 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:22:42 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:22:42 tidaxIpcop pluto[2818]: "fw-fw3" #5: responding to Main Mode

Apr 18 07:22:42 tidaxIpcop pluto[2818]: "fw-fw3" #5: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:22:42 tidaxIpcop pluto[2818]: "fw-fw3" #5: no acceptable Oakley
Transform

Apr 18 07:22:42 tidaxIpcop pluto[2818]: "fw-fw3" #5: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:22:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:22:47 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:23:22 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:23:22 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:23:22 tidaxIpcop pluto[2818]: "fw-fw3" #6: responding to Main Mode

Apr 18 07:23:22 tidaxIpcop pluto[2818]: "fw-fw3" #6: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:23:22 tidaxIpcop pluto[2818]: "fw-fw3" #6: no acceptable Oakley
Transform

Apr 18 07:23:22 tidaxIpcop pluto[2818]: "fw-fw3" #6: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:23:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:23:27 tidaxIpcop pluto[2818]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:23:45 tidaxIpcop ipsec_setup: Stopping Openswan IPsec...

Apr 18 07:23:45 tidaxIpcop pluto[2818]: shutting down

Apr 18 07:23:45 tidaxIpcop pluto[2818]: forgetting secrets

Apr 18 07:23:45 tidaxIpcop pluto[2818]: "fw-fw3": deleting connection

Apr 18 07:23:45 tidaxIpcop pluto[2818]: "fw-fw3" #1: deleting state
(STATE_MAIN_I1)

Apr 18 07:23:45 tidaxIpcop ipsec__plutorun: 104 "fw-fw3" #1: STATE_MAIN_I1:
initiate

Apr 18 07:23:45 tidaxIpcop ipsec__plutorun: 010 "fw-fw3" #1: STATE_MAIN_I1:
retransmission; will wait 20s for response

Apr 18 07:23:45 tidaxIpcop ipsec__plutorun: 010 "fw-fw3" #1: STATE_MAIN_I1:
retransmission; will wait 40s for response

Apr 18 07:23:45 tidaxIpcop ipsec__plutorun: ...could not start conn "fw-fw3"

Apr 18 07:23:45 tidaxIpcop pluto[2818]: shutting down interface ipsec0/eth1
195.178.169.130

Apr 18 07:23:45 tidaxIpcop pluto[2818]: shutting down interface ipsec0/eth1
195.178.169.130

Apr 18 07:23:46 tidaxIpcop kernel: IPSEC EVENT: KLIPS device ipsec0 shut
down.

Apr 18 07:23:46 tidaxIpcop ipsec_setup: ipsec: Device or resource busy

Apr 18 07:23:46 tidaxIpcop ipsec_setup: ...Openswan IPsec stopped

Apr 18 07:23:46 tidaxIpcop ipsec_setup: Starting Openswan IPsec 1.0.10...

Apr 18 07:23:46 tidaxIpcop ipsec_setup: KLIPS debug `none'

Apr 18 07:23:46 tidaxIpcop ipsec_setup: KLIPS ipsec0 on eth1
195.178.169.130/255.255.255.240 broadcast 195.178.169.143 

Apr 18 07:23:46 tidaxIpcop ipsec__plutorun: Starting Pluto subsystem...

Apr 18 07:23:46 tidaxIpcop ipsec_setup: ...Openswan IPsec started

Apr 18 07:23:46 tidaxIpcop pluto[3223]: Starting Pluto (Openswan Version
1.0.10)

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   including X.509 patch with traffic
selectors (Version 0.9.42)

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   including NAT-Traversal patch
(Version 0.6)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_CAST_CBC: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: ike_alg_register_enc(): Activating
OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: Changing to directory
'/etc/ipsec.d/cacerts'

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   loaded cacert file 'caCert.pem'
(1460 bytes)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: Changing to directory
'/etc/ipsec.d/crls'

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   loaded crl file 'cacrl.pem' (682
bytes)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: crl issuer cacert not found

Apr 18 07:23:46 tidaxIpcop pluto[3223]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found

Apr 18 07:23:46 tidaxIpcop pluto[3223]: | from whack: got --esp=3des

Apr 18 07:23:46 tidaxIpcop pluto[3223]: | from whack: got --ike=3des

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   loaded host cert file
'/etc/ipsec.d/fw1.tidax.se.pem' (1346 bytes)

Apr 18 07:23:46 tidaxIpcop pluto[3223]:   loaded host cert file
'/etc/ipsec.d/fw3.tidax.se.pem' (1346 bytes)

Apr 18 07:23:46 tidaxIpcop pluto[3223]: added connection description
"fw-fw3"

Apr 18 07:23:46 tidaxIpcop pluto[3223]: | from whack: got --esp=3des-sha1!

Apr 18 07:23:46 tidaxIpcop pluto[3223]: | from whack: got
--ike=3des-sha-modp8192,3des-sha-modp6144,3des-sha-modp4096,3des-sha-modp307
2,3des-sha-modp2048,3des-sha-modp1536,3des-sha-modp1024,3des-sha-modp768!

Apr 18 07:23:46 tidaxIpcop pluto[3223]: added connection description
"LidingoFW"

Apr 18 07:23:47 tidaxIpcop pluto[3223]: listening for IKE messages

Apr 18 07:23:47 tidaxIpcop pluto[3223]: adding interface ipsec0/eth1
195.178.150.120

Apr 18 07:23:47 tidaxIpcop pluto[3223]: adding interface ipsec0/eth1
195.178.150.120:4500

Apr 18 07:23:47 tidaxIpcop pluto[3223]: loading secrets from
"/etc/ipsec.secrets"

Apr 18 07:23:47 tidaxIpcop pluto[3223]:   loaded private key file
'/etc/ipsec.d/private/fw1Key.pem' (963 bytes)

Apr 18 07:23:47 tidaxIpcop ipsec__plutorun: 022 "LidingoFW": we have no
ipsecN interface for either end of this connection

Apr 18 07:23:47 tidaxIpcop ipsec__plutorun: ...could not route conn
"LidingoFW"

Apr 18 07:23:47 tidaxIpcop pluto[3223]: "fw-fw3" #1: initiating Main Mode

Apr 18 07:23:47 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:23:47 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:23:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:23:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:24:01 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:24:01 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:24:01 tidaxIpcop pluto[3223]: "fw-fw3" #2: responding to Main Mode

Apr 18 07:24:01 tidaxIpcop pluto[3223]: "fw-fw3" #2: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:24:01 tidaxIpcop pluto[3223]: "fw-fw3" #2: no acceptable Oakley
Transform

Apr 18 07:24:01 tidaxIpcop pluto[3223]: "fw-fw3" #2: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:24:17 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:24:17 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:24:42 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:24:42 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:24:42 tidaxIpcop pluto[3223]: "fw-fw3" #3: responding to Main Mode

Apr 18 07:24:42 tidaxIpcop pluto[3223]: "fw-fw3" #3: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:24:42 tidaxIpcop pluto[3223]: "fw-fw3" #3: no acceptable Oakley
Transform

Apr 18 07:24:42 tidaxIpcop pluto[3223]: "fw-fw3" #3: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:24:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:24:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:25:22 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:25:22 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:25:22 tidaxIpcop pluto[3223]: "fw-fw3" #4: responding to Main Mode

Apr 18 07:25:22 tidaxIpcop pluto[3223]: "fw-fw3" #4: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:25:22 tidaxIpcop pluto[3223]: "fw-fw3" #4: no acceptable Oakley
Transform

Apr 18 07:25:22 tidaxIpcop pluto[3223]: "fw-fw3" #4: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:25:37 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:25:37 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:26:02 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:26:02 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:26:02 tidaxIpcop pluto[3223]: "fw-fw3" #5: responding to Main Mode

Apr 18 07:26:02 tidaxIpcop pluto[3223]: "fw-fw3" #5: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:26:02 tidaxIpcop pluto[3223]: "fw-fw3" #5: no acceptable Oakley
Transform

Apr 18 07:26:02 tidaxIpcop pluto[3223]: "fw-fw3" #5: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:26:02 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
Informational Exchange is for an unknown (expired?) SA

Apr 18 07:26:17 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:26:17 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:26:42 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:26:42 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:26:42 tidaxIpcop pluto[3223]: "fw-fw3" #6: responding to Main Mode

Apr 18 07:26:42 tidaxIpcop pluto[3223]: "fw-fw3" #6: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:26:42 tidaxIpcop pluto[3223]: "fw-fw3" #6: no acceptable Oakley
Transform

Apr 18 07:26:42 tidaxIpcop pluto[3223]: "fw-fw3" #6: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:26:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:26:57 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:27:22 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:27:22 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:27:22 tidaxIpcop pluto[3223]: "fw-fw3" #7: responding to Main Mode

Apr 18 07:27:22 tidaxIpcop pluto[3223]: "fw-fw3" #7: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:27:22 tidaxIpcop pluto[3223]: "fw-fw3" #7: no acceptable Oakley
Transform

Apr 18 07:27:22 tidaxIpcop pluto[3223]: "fw-fw3" #7: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

Apr 18 07:27:37 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

Apr 18 07:27:37 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received and ignored informational message

Apr 18 07:28:02 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
ignoring Vendor ID payload [b8f92b2fa2d3fe5fe158344bda1cc6ae]

Apr 18 07:28:02 tidaxIpcop pluto[3223]: packet from 212.181.91.211:500:
received Vendor ID payload [Dead Peer Detection]

Apr 18 07:28:02 tidaxIpcop pluto[3223]: "fw-fw3" #8: responding to Main Mode

Apr 18 07:28:02 tidaxIpcop pluto[3223]: "fw-fw3" #8: policy does not allow
OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD

Apr 18 07:28:02 tidaxIpcop pluto[3223]: "fw-fw3" #8: no acceptable Oakley
Transform

Apr 18 07:28:02 tidaxIpcop pluto[3223]: "fw-fw3" #8: sending notification
NO_PROPOSAL_CHOSEN to 212.181.91.211:500

 

 

Regards 

 

Kbergros

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070418/6f417650/attachment-0001.html 


More information about the Users mailing list