[Openswan Users] [Fwd: Tunnel established, no traffic]
Paul Wouters
paul at xelerance.com
Wed Aug 22 09:19:39 EDT 2007
On Wed, 22 Aug 2007, Ralf Guenthner wrote:
> I did a klipsdebug on the Openswan side and I found the following:
>
> (iv)=0x51854ff1cb28e34d iplen=100 esplen=88 sa=esp.7ed4a115 at 85.180.130.118
> klips_debug:ipsec_rcv: encalg = 12, authalg = 3.
> klips_debug:ipsec_rcv: auth failed on incoming packet from
Are you sure there is no "helpful" router at one end doing "IPsec passthrough"?
> I think the problem is the "auth failed" part. The FreeSwan side uses
> SuperFreeSwan 1.99.6.1. Could it be that Openswan doesn't like what it
> gets from that version? Is it possible that it won't work without a
> patch to the FreeSwan gateway? I searched the Net and found some
> postings to that respect but they were pertaining to another version of
> Openswan..
That sueprfreeswan surely needs upgrading (its 4 years old!) but it should
interoperate with openswan.
> I tried disabling compression on the Openswan side and turning pfs off
> but the result staid the same.
Perhaps try esp=3des ?
Paul
More information about the Users
mailing list