[Openswan Users] openswan to Instagate

Andy Gay andy at andynet.net
Fri Jun 1 09:07:30 EDT 2007 

On Thu, 2007-05-31 at 14:11 -0400, ACasella wrote:

> 2007 May 31 13:49:17 instagate 
> 2007 May 31 13:49:17 instagate **** RECEIVED  FIRST MESSAGE OF MAIN MODE **** 
> 2007 May 31 13:49:17 instagate 
> 2007 May 31 13:49:17 instagate <POLICY: > PAYLOADS: SA,PROP,TRANS,TRANS,TRANS,TRANS,VID,VID,VID,VID,VID,VID,VID
> 2007 May 31 13:49:17 instagate 
> 2007 May 31 13:49:17 instagate ERROR# NO MATCHING ISAKMP PROPOSAL FOR DIALUP CASE
> 2007 May 31 13:49:17 instagate 
> 2007 May 31 13:49:17 instagate SENDING NOTIFY MSG:
> 2007 May 31 13:49:17 instagate NO_PROPOSAL_CHOSEN

I've not seen or used one of these appliances, so this is just a guess.
But I wonder if by "dialup case" it means what everyone else calls
"roadwarrior". In other words, it can't identify the peer so it's trying
to find a roadwarrior config to use, but you don't have one configured.

If that's the case, then probably your config has a mismatch in the peer
identities and/or IP addresses. Can you show us any details of the
Instagate configuration? You may want to try removing the left/rightid
settings in your ipsec.conf.

Can you also please post the Openswan logs.


> The instagate has limited choices for various IKE, DH and SPF.
> 
> The defaults are:  3DES enc,SHA-1 auth,DH2 
> and 		:  3DES enc, MD5 auth, DH2
> Strict PFS is disabled.
> Key refresh is 24 hours
> And key management is preshared key.
> 
> My conf is
> 
> conn host-to-host
>     type=tunnel
>     authby=secret
>     left=207.61.yyy.yyy
>     leftid=@yyyy
>     leftnexthop=%defaultroute
>     right=72.55.xxx.xxx
>     rightid=@xxxx
>     rightnexthop=%defaultroute
>     esp=3des-md5-96,3des-sha1
>     keyexchange=    ike
>     pfs=            no
>     auto=add
> 
> What conf settings am I getting wrong in this set up?

> 
> Thank you
> 
> Antony Casella
> 
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

More information about the Users mailing list