[Openswan Users] tunnel problem
Peter McGill
petermcgill at goco.net
Wed Jun 27 09:14:23 EDT 2007
> -----Original Message-----
> Date: Tue, 26 Jun 2007 19:12:16 +0000
> From: "Djiby SY" <sydjiby at gmail.com>
> Subject: [Openswan Users] tunnel problem
> To: users at openswan.org
>
> Hello All,
>
> I have a problem with making up my tunnel.
> My config is Linux Openswan U2.4.4/K2.6.12-1.1372_FC3 (netkey). The other
> side uses CISCO.
>
> Here is the log.
>
> 104 "" #9: STATE_MAIN_I1: initiate
> 003 "" #9: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
> 106 "" #9: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "" #9: received Vendor ID payload [Cisco-Unity]
> 003 "" #9: received Vendor ID payload [XAUTH]
> 003 "" #9: ignoring unknown Vendor ID payload [b1b9e7ec1671a8fb6186bf64f084352e]
> 003 "" #9: ignoring Vendor ID payload [Cisco VPN 3000 Series]
> 108 "" #9: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "" #9: received Vendor ID payload [Dead Peer Detection]
> 004 "" #9: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> 117 "" #10: STATE_QUICK_I1: initiate
> 010 "" #10: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "" #10: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 "" #10: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
> 000 "" #10: starting keying attempt 2 of an unlimited number, but releasing whack
>
> What's wrong?
>
> Thanks
> Djiby
Do you permit ESP traffic in your firewall rules?
iptables -t filter -I INPUT -p 50 -j ACCEPT
iptables -t filter -I OUTPUT -p 50 -j ACCEPT
Peter
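
For reading output like the log quoted in this thread, a small Python triage of the whack status lines that reports at which stage the negotiation stopped. This is an added example, not part of either poster's message and not Openswan code; the function names, the result labels and the rejoined sample lines are constructed for illustration.

```python
import re

# Constructed sample: whack status lines in the format quoted in the thread,
# with the mail client's wrapped lines rejoined and Vendor ID lines omitted.
SAMPLE = """\
104 "" #9: STATE_MAIN_I1: initiate
106 "" #9: STATE_MAIN_I2: sent MI2, expecting MR2
108 "" #9: STATE_MAIN_I3: sent MI3, expecting MR3
004 "" #9: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "" #10: STATE_QUICK_I1: initiate
010 "" #10: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "" #10: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "" #10: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

LINE = re.compile(r'^\d{3} "[^"]*" #(\d+): (.*)$')  # status code, conn name, SA number (#N), message
STATE = re.compile(r"STATE_(MAIN|QUICK)_[IR]\d")
PARAMS = re.compile(r"(\w+)=(\w+)")

def triage(text):  # returns {sa_number: summary} for every '#N' in the output
    sas = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation of a wrapped line, or not a status line
        num, msg = int(m.group(1)), m.group(2)
        sa = sas.setdefault(num, {"phase": None, "state": None, "retransmits": 0,
                                  "established": False, "timed_out": False, "params": {}})
        s = STATE.search(msg)
        if s:
            sa["phase"] = 1 if s.group(1) == "MAIN" else 2
            sa["state"] = s.group(0)
        if "SA established" in msg:
            sa["established"] = True
            sa["params"] = dict(PARAMS.findall(msg.partition("{")[2]))
        if "retransmission;" in msg:
            sa["retransmits"] += 1
        sa["timed_out"] = sa["timed_out"] or "max number of retransmissions" in msg
    return sas

def diagnose(sas):  # names the stage at which the negotiation stopped
    if not any(s["phase"] == 1 and s["established"] for s in sas.values()):
        return "phase1-not-established"
    quick = [s for s in sas.values() if s["phase"] == 2]
    if any(s["established"] for s in quick):
        return "phase2-established"
    if any(s["timed_out"] for s in quick):
        return "phase2-no-response"  # IKE SA is up; first Quick Mode message went unanswered
    return "phase2-pending"
```

Calling `diagnose(triage(SAMPLE))` on the sample returns `phase2-no-response`, and `triage(SAMPLE)[9]["params"]` holds the Phase 1 parameters that were negotiated.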