[Openswan Users] Linux client connection fails: No acceptable response to Quick Mode message

Marko Asplund marko.asplund at gmail.com
Wed Jan 17 14:47:06 EST 2007


I'm having problems setting up a L2TP/IPsec client connection with
X.509 certificate authentication to our company gateway.

I get the following error message when I try to establish the IPsec connection:

linux-lq5c:/etc/ipsec.d/cacerts # ipsec auto --up acme-vpn
104 "acme-vpn" #1: STATE_MAIN_I1: initiate
003 "acme-vpn" #1: ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
003 "acme-vpn" #1: received Vendor ID payload [Dead Peer Detection]
003 "acme-vpn" #1: received Vendor ID payload [RFC 3947] method set to=110
106 "acme-vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "acme-vpn" #1: NAT-Traversal: Result using 3: i am NATed
108 "acme-vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "acme-vpn" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
117 "acme-vpn" #2: STATE_QUICK_I1: initiate
010 "acme-vpn" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "acme-vpn" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "acme-vpn" #2: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode
message: perhaps peer likes no proposal
000 "acme-vpn" #2: starting keying attempt 2 of at most 3, but releasing whack

There seems to be some interaction taking place with the server but
how far does the connection establishment actually get?
Any ideas on what's going wrong here?

Which software should I use for creating the L2TP tunnel?

Here's some software configuration details:
- openSUSE 10.2
- kernel 2.6.18.2-34
- openswan-2.4.6-25
- ipsec-tools-0.6.5-37


The attached files contain extracts from /var/log/messages (with
plutodebug on and off) and my vpn config file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpn-messages-debug.log.gz
Type: application/x-gzip
Size: 29754 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20070117/3f816054/attachment-0001.gz 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: acme-vpn.conf
Type: application/octet-stream
Size: 1508 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20070117/3f816054/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpn-messages.log
Type: text/x-log
Size: 6746 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20070117/3f816054/attachment-0001.bin 


More information about the Users mailing list