[Openswan Users] l2tp ike phase 2 quick mode message
Paul Wouters
paul at xelerance.com
Sat Feb 3 11:47:30 EST 2007
On Sat, 3 Feb 2007, George Wu wrote:
> I can set up openswan to talk to both openswan and strongswan.
> But when I try it with Xp(SP2) or windows 2003 (SP1). Neither works.
> My kernel is 2.6.17 using netkey.
> My openswan is 2.4.5
>
> It seems my /var/log/secure doesn't exists, I use tcpdump port 500
> to print the message. Also on windows, I check the file oakley.log file.
Find the right logfile, tcpdump is pretty useless, esp after phase 1 is
established and crypto is active.
> 2-03: 16:00:49:741:868 processing HASH (Notify/Delete)
> 2-03: 16:00:49:741:868 processing payload NOTIFY
> 2-03: 16:00:49:741:868 notify: INVALID-ID-INFORMATION
> 2-03: 16:00:49:741:868 isadb_set_status sa:018203C0 centry:00000000 status 3601
Seems openswan is rejecting the XP client. It should log why that is. check
your logs, daemon.log, auth.log or secure.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list