[Openswan Users] Openswan issues
Peter McGill
petermcgill at goco.net
Wed Apr 18 11:04:21 EDT 2007
> -----Original Message-----
> Date: Wed, 18 Apr 2007 08:15:03 +0200
> From: "Kenneth Bergholm" <kenneth.bergholm at tidax.se>
> Subject: [Openswan Users] Openswan issues
> To: <users at openswan.org>
>
> I'm having big problems with Openswan and vpn access against
> two different
> offices.
>
> The Vpn tunnel. The other office has a Linux firewall with
> Stronswan Ipsec
> (using certificates).
>
> Our current firewall at our office are running Freeswan 1.99
> and works fine
> against the Strongswan ipsec firewall.
>
> The thing is that I wan't to change firewall to the new one
> with Openswan
>
> When I got the watchguard tunnel to work, I added the
> configuration from the
> old firewall (1.99) to new Openswans firewalls ipsec.conf.
>
> I also copied the certificates and edited the ipsec.secrets
> to be correct...
> But I don't get it to work!!!
>
> Apr 18 07:28:02 tidaxIpcop pluto[3223]: "fw-fw3" #8: sending
> notification
> NO_PROPOSAL_CHOSEN to 212.181.91.211:500
This is your error NO_PROPOSAL_CHOSEN, it refers to a configuration
Problem, the two sides do not match somewhere, could we see your
Strongswan and openswan conf files? You may fake/replace your public
ips, And keys for security, but we need to see your other settings.
leftsubnet=
rightsubnet=
ike=
esp=
pfs=
aggrmode=
and your key's/certs all must match.
These are the most common settings to cause this error but there may
Be others, please send us your confs for review, if you cannot find
The discrepancy.
Peter
More information about the Users
mailing list