[Openswan Users] Problem with Aggressive Mode OpenSWAN to Netgear FVS318
Hugh Watkins
hwatkins at atlantic.net
Fri Apr 27 15:19:42 EDT 2007
I am having problems negotiating phase two and starting a tunnel. I am
not sure what I am missing. Any help?
This is Openswan 2.4.4 running on a Fedora Core 4 install.
tunnel config:
conn tunnel35
    type=tunnel
    authby=secret
    keyexchange=ike
    aggrmode=yes
    left=xxx.xxx.xxx.xxx
    leftsubnet=172.20.1.0/24
    right=dyn.dns.addr
    rightid=@dyn.dns.addr
    rightsubnet=192.168.32.0/24
    pfs=no
    auto=add
    auth=esp
    esp=3des-sha1
    ike=3des-sha1-modp1024
# ipsec auto --status |grep tunnel35
000 "tunnel35": 172.20.1.0/24===xxx.xxx.xxx.xxx...yyy.yyy.yyy.yyy[@dyn.dns.addr]===192.168.32.0/24; prospective erouted; eroute owner: #0
000 "tunnel35": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "tunnel35": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "tunnel35": policy: PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE; prio: 24,24; interface: eth0;
000 "tunnel35": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "tunnel35": IKE algorithms wanted: 5_000-2-5, 5_000-2-2, flags=-strict
000 "tunnel35": IKE algorithms found: 5_192-2_160-5, 5_192-2_160-2,
000 "tunnel35": ESP algorithms wanted: 3_000-2, flags=-strict
000 "tunnel35": ESP algorithms loaded: 3_000-2, flags=-strict
000 #648: "tunnel35":500 STATE_AGGR_R1 (sent AR1, expecting AI2); EVENT_RETRANSMIT in 3s; nodpd
000 #645: "tunnel35":500 STATE_AGGR_I1 (sent AI1, expecting AR1); EVENT_RETRANSMIT in 39s; nodpd
000 #652: "tunnel35":500 STATE_AGGR_R1 (sent AR1, expecting AI2); EVENT_RETRANSMIT in 4s; nodpd
000 #651: "tunnel35":500 STATE_AGGR_R1 (sent AR1, expecting AI2); EVENT_RETRANSMIT in 34s; nodpd
/var/log/secure
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: Aggressive mode peer ID is ID_FQDN: '@dyn.dns.addr'
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: responding to Aggressive Mode, state #670, connection "tunnel35" from yyy.yyy.yyy.yyy
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: STATE_AGGR_R1: sent AR1, expecting AI2
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: packet rejected: should have been encrypted
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: sending notification INVALID_FLAGS to yyy.yyy.yyy.yyy:500
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: sending notification PAYLOAD_MALFORMED to yyy.yyy.yyy.yyy:500
Apr 27 16:13:51 fc4 pluto[28632]: "tunnel35" #668: max number of retransmissions (2) reached STATE_AGGR_R1
Apr 27 16:14:07 fc4 pluto[28632]: packet from yyy.yyy.yyy.yyy:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Apr 27 16:14:07 fc4 pluto[28632]: packet from yyy.yyy.yyy.yyy:500: received and ignored informational message
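
Added example, not part of the original post and not Openswan code: a small Python triage script that groups pluto log lines like the ones above by SA number (#NNN) and reports which negotiations never left an aggressive-mode (phase 1) state, together with the notifications pluto sent for them. SAMPLE_LOG is the /var/log/secure excerpt from the post with the mail line wraps rejoined; the function names and regular expressions are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# /var/log/secure excerpt from the post above, mail line wraps rejoined.
SAMPLE_LOG = """\
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: Aggressive mode peer ID is ID_FQDN: '@dyn.dns.addr'
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: responding to Aggressive Mode, state #670, connection "tunnel35" from yyy.yyy.yyy.yyy
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Apr 27 16:13:42 fc4 pluto[28632]: "tunnel35" #670: STATE_AGGR_R1: sent AR1, expecting AI2
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: packet rejected: should have been encrypted
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: sending notification INVALID_FLAGS to yyy.yyy.yyy.yyy:500
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA
Apr 27 16:13:43 fc4 pluto[28632]: "tunnel35" #670: sending notification PAYLOAD_MALFORMED to yyy.yyy.yyy.yyy:500
Apr 27 16:13:51 fc4 pluto[28632]: "tunnel35" #668: max number of retransmissions (2) reached STATE_AGGR_R1
Apr 27 16:14:07 fc4 pluto[28632]: packet from yyy.yyy.yyy.yyy:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Apr 27 16:14:07 fc4 pluto[28632]: packet from yyy.yyy.yyy.yyy:500: received and ignored informational message
"""

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
TRANSITION_RE = re.compile(r'transition from state (\S+) to state (\S+)')
NOTIFY_RE = re.compile(r'sending notification (\S+) to')
RETRANS_RE = re.compile(r'max number of retransmissions \(\d+\) reached (\S+)')

def summarize(log_text):
    """Group pluto messages by SA number and track state, notifications, rejections."""
    sas = defaultdict(lambda: {"state": None, "notifications": [], "rejected": [], "timed_out_in": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines with no connection name and #SA ("packet from ...") are skipped
        sa, msg = sas[int(m["sa"])], m["msg"]
        if t := TRANSITION_RE.search(msg):
            sa["state"] = t.group(2)              # newest state wins
        elif n := NOTIFY_RE.search(msg):
            sa["notifications"].append(n.group(1))
        elif r := RETRANS_RE.search(msg):
            sa["timed_out_in"] = r.group(1)
            sa["state"] = sa["state"] or r.group(1)
        elif "rejected" in msg or "unacceptable" in msg:
            sa["rejected"].append(msg)
    return dict(sas)

def stuck_in_phase1(summary):
    """SA numbers whose last known state is still an aggressive-mode (phase 1) state."""
    return sorted(n for n, sa in summary.items()
                  if (sa["state"] or "").startswith("STATE_AGGR_"))
```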