[Openswan Users] vpnc-0.5.1 failed to connect to openswan-2.4.11

zhengfish zhengfish at gmail.com
Sun Dec 30 10:43:37 EST 2007 

I just try to test vpnc(Client) connecting openswan(Server), the topo as 
following:

    [vpnc/centos-4.5] +---------------+ [openswan/centos-4.5]
                                |                         |
                    192.168.1.10     192.168.1.3

--------------------------------client.vpnc.config.file-------------------------------------------
# cat vpnc.conf
IPSec gateway 192.168.1.3
IPSec ID @rw.vpnc
IPSec secret ipsec123
Xauth username linux
Xauth password linux123

--------------------------------server.openswan.config.files-------------------------------------------
# cat /etc/ipsec.conf
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    nhelpers=0

conn %defaults
    left=%defaultroute
    leftid=@gw.centos
    auto=add
    authby=secret
    keyingtries=0

conn conn-vpnc
    #right=%any
    right=192.168.1.10
    rightsubnet=192.168.5.1/24
    rightid=@rw.vpnc
    rightnexthop=%defaultroute
    keyexchange=ike
    esp=3des-sha1
    ike=3des-sha1
    auto=add
    auth=esp
    authby=secret
    pfs=no
    aggrmode=yes
    xauth=yes
    leftxauthserver=yes
    rightxauthclient=yes

include /etc/ipsec.d/examples/no_oe.conf


# cat /etc/ipsec.secrets
......
192.168.1.3 %any : PSK "ipsec123"

-------------------------------server.log-------------------------------------------------------
# tail -f /var/log/secure
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [XAUTH]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but already using method 109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 109
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:42 zheng pluto[6840]: packet from 192.168.1.10:500: initial 
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection 
has been configured
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [XAUTH]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but already using method 109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 109
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:45 zheng pluto[6840]: packet from 192.168.1.10:500: initial 
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection 
has been configured
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [XAUTH]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Cisco-Unity]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [RFC 3947] method set to=109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, 
but already using method 109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 109
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: 
received Vendor ID payload [Dead Peer Detection]
Dec 30 23:27:52 zheng pluto[6840]: packet from 192.168.1.10:500: initial 
Aggressive Mode message from 192.168.1.10 but no (wildcard) connection 
has been configured

More information about the Users mailing list