[Openswan Users] Problem with authentication ?

Salvatore sasa at shoponweb.it
Sun Mar 4 16:34:24 EST 2007


Hi, I use kernel 2.6.16.11 (with Fedora Core 4), Openswan 2.4.5 with the NAT-T 
and KLIPS patch, and xl2tp-1.1.06. Occasionally I have a problem with the road 
connection; in the log file:

Mar  4 21:37:45 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: ignoring 
Vendor ID payload [FRAGMENTATION]
Mar  4 21:37:45 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar  4 21:37:45 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: ignoring 
Vendor ID payload [Vid-Initial-Contact]
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: 
responding to Main Mode from unknown peer 213.45.xxx.xxx
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: policy 
does not allow OAKLEY_RSA_SIG authentication.  Attribute 
OAKLEY_AUTHENTICATION_METHOD
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: 
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: 
OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: no 
acceptable Oakley Transform
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: sending 
notification NO_PROPOSAL_CHOSEN to 213.45.xxx.xxx:500
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx: deleting 
connection "left-road" instance with peer 213.45.xxx.xxx 
{isakmp=#0/ipsec=#0}
Mar  4 21:37:53 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: ignoring 
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar  4 21:37:53 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: ignoring 
Vendor ID payload [FRAGMENTATION]

My ipsec.conf:

config setup
    # eth0 is the public interface of the fw
    interfaces="ipsec0=eth0"
    virtual_private=%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24
    nat_traversal=yes

# default configuration
conn %default
    authby=secret

conn left-road
    auto=add
    authby=secret
    pfs=no
    rekey=no
    left=81.yyy.yyy.yyy
    leftnexthop=81.yyy.yyy.zzz
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv

include /etc/ipsec.d/examples/no_oe.conf


Thanks.

------
Salvatore. 
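
A small triage script for the pluto messages quoted above, as an added example that is not part of the original post: it groups the proposal attributes pluto rejected by connection, peer and state number. The regular expressions and the function name `triage` are assumptions fitted to the message wording in this log, not an Openswan interface; the sample lines are taken from the post and re-joined to one entry per line.

```python
import re

# Lines taken from the log in the post, re-joined to one entry per line.
SAMPLE_LOG = """\
Mar  4 21:37:45 fw4 pluto[5818]: packet from 213.45.xxx.xxx:500: ignoring Vendor ID payload [FRAGMENTATION]
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: responding to Main Mode from unknown peer 213.45.xxx.xxx
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: policy does not allow OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: no acceptable Oakley Transform
Mar  4 21:37:45 fw4 pluto[5818]: "left-road"[4] 213.45.xxx.xxx #4: sending notification NO_PROPOSAL_CHOSEN to 213.45.xxx.xxx:500
"""

# Per-state lines look like: pluto[pid]: "conn"[instance] peer #state: message
STATE_LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
# Message wordings (assumed from the log above) that name a refused attribute value.
REJECTIONS = [
    re.compile(r'policy does not allow (?P<value>\S+) authentication\.\s+Attribute (?P<attr>\S+)'),
    re.compile(r'(?P<value>\S+) is not supported\.\s+Attribute (?P<attr>\S+)'),
]
NOTIFY = re.compile(r'sending notification (\S+) to ')


def triage(log_text):
    """Group rejected IKE proposal attributes by (connection, peer, state number)."""
    results = {}
    for line in log_text.splitlines():
        m = STATE_LINE.search(line)
        if not m:
            continue  # per-packet lines (e.g. vendor IDs) carry no state number
        key = (m["conn"], m["peer"], int(m["state"]))
        entry = results.setdefault(key, {"rejected": [], "notification": None})
        for pattern in REJECTIONS:
            hit = pattern.search(m["msg"])
            if hit and (hit["attr"], hit["value"]) not in entry["rejected"]:
                entry["rejected"].append((hit["attr"], hit["value"]))
        sent = NOTIFY.search(m["msg"])
        if sent:
            entry["notification"] = sent.group(1)
    # Report only negotiations in which at least one attribute was refused.
    return {k: v for k, v in results.items() if v["rejected"]}


if __name__ == "__main__":
    for (conn, peer, state), info in triage(SAMPLE_LOG).items():
        print(conn, peer, f"#{state}", info["rejected"], "->", info["notification"])
```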