[Openswan Users] Netgear DG834 (fwd)
Dale Taylor
dale at bluehall.net
Tue Feb 27 06:45:46 EST 2007
Still getting the string error, but reloading the secrets has brought the
link up successfully.
Many thanks
Dale
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Dale Taylor
Sent: 27 February 2007 09:54
To: 'Paul Wouters'
Cc: users at openswan.org
Subject: Re: [Openswan Users] Netgear DG834 (fwd)
Many thanks for your help...
Switched on PFS at both ends and getting much better error messages:
003 "someone" #64: received Vendor ID payload [Dead Peer Detection]
003 "someone" #64: Can't authenticate: no preshared key found for `me at localid.org' and `id at remoteid.org'. Attribute OAKLEY_AUTHENTICATION_METHOD
003 "someone" #64: no acceptable Oakley Transform
214 "someone" #64: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN
Although still getting the following when doing an ipsec auto --add someone:
003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
Using openswan version:
Linux Openswan U2.2.0/K2.4.27-3-386 (native)
Thanks
Dale
PS: I've ordered the book, should arrive in 4 days!
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: 26 February 2007 22:58
To: Dale Taylor
Cc: users at openswan.org
Subject: [Openswan Users] Netgear DG834 (fwd)
> 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
>
> conn someone
>     type=tunnel
>     authby=secret
>     keyexchange=ike
>     auto=start
>     pfs=no
>     # aggrmode=yes
>     ike=3des-sha1-modp1024
>     esp=3des-sha1
>     # LOCAL
>     left=%defaultroute
>     leftsubnet=192.168.10.0/24
>     leftid=me at localid.org
>     # REMOTE
>     right=someone.dyndns.org
>     rightsubnet=192.168.254.0/24
>     rightnexthop=%defaultroute
>     rightid=id at remoteid.org
I added this to our test server and did: ipsec auto --add someone:
Feb 26 23:29:56 testserver pluto[1879]: added connection description "someone"
What version of openswan is this? You can try using "sha" instead of "sha1"
for some older versions.
> PFS: Off
Your openswan config is using PFS. If possible you should change it on the
other end as well. If you can't, add pfs=no and leave out the modpgroup
setting.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
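
Added example, not part of the original thread and not Openswan code: a small check for the "no preshared key found for ... and ..." error above, which looks for a PSK entry in ipsec.secrets that covers a connection's leftid/rightid pair. The IDs, secrets and function names are constructed for illustration, and the matching is a simplified reading of ipsec.secrets(5) (exact string comparison, %any treated as a wildcard).

```python
import re

# Constructed ipsec.secrets content (not from the thread); IDs and secrets are made up.
SECRETS = '''\
# index(es) : kind secret
left@example.org right@example.org : PSK "constructed-secret-1"
gw@example.net : PSK "constructed-secret-2"
@rsa.example.net : RSA {
    # key body omitted in this constructed sample
    }
'''

# "<indices> : PSK|RSA ..."; requiring the keyword keeps ':' inside IPv6 indices intact.
ENTRY = re.compile(r'^(.*?)\s*:\s*(PSK|RSA)\b', re.IGNORECASE)

def parse_secrets(text):
    """Return [(indices, kind)] per entry; comments, blanks and key bodies are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = None if line.startswith('#') else ENTRY.match(line)
        if m:
            entries.append((m.group(1).split(), m.group(2).upper()))
    return entries

def index_matches(index, ident):
    # Simplification (assumption): exact string match, with %any as a wildcard.
    return index == '%any' or index == ident

def psk_lookup(entries, local_id, remote_id):
    """Most specific PSK match: 'pair', 'local-only', 'wildcard' or None.
    No index matches anyone; one index is compared with the local ID only;
    several indices must cover both the local and the remote ID."""
    rank = {None: 0, 'wildcard': 1, 'local-only': 2, 'pair': 3}
    best = None
    for ids, kind in entries:
        if kind != 'PSK':
            continue
        if not ids:
            hit = 'wildcard'
        elif len(ids) == 1:
            hit = 'local-only' if index_matches(ids[0], local_id) else None
        else:
            both = all(any(index_matches(i, x) for i in ids) for x in (local_id, remote_id))
            hit = 'pair' if both else None
        if rank[hit] > rank[best]:
            best = hit
    return best
```

A file that passes this check only takes effect once pluto has reread it, for example with `ipsec auto --rereadsecrets`.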