[Openswan Users] What is the problem?
Magnus Holmberg
magnus.holmberg at pepto.se
Wed Mar 28 08:51:15 EDT 2007
*What I also recieved from the one i try to connect is this:
Recommended Cisco Commands:*
crypto isakmp policy x
encr 3des
authentication pre-share
group 2
lifetime 500
!
crypto isakmp key aaaaaaaaa address X.X.192.141
!
crypto ipsec transform-set esp_sha_hamc esp-3des esp-sha-hmac
!
crypto map Customer 2 ipsec-isakmp
set peer X.X.192.141
set transform-set esp_sha_hamc
match address xxx
Is my setup below correct due to this?
BR
magnus
Magnus Holmberg wrote:
> It seems like my vpn connection have stopped working. Can someone tell
> me what the problem seems to be?
> I cant think of anything changed in my end since it worked last time.
>
> My log:
>
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I1 to state STATE_MAIN_I2
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I2: sent
> MI2, expecting MR2
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: ignoring unknown
> Vendor ID payload [8f770f35da2b083ce66f4cb98ff43f5a]
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: I did not send a
> certificate because I do not have one.
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I2 to state STATE_MAIN_I3
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I3: sent
> MI3, expecting MR3
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: next payload type of
> ISAKMP Hash Payload has an unknown value: 24
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: malformed payload in
> packet
> Mar 28 13:58:14 fw pluto[16617]: | payload malformed after IV
> Mar 28 13:58:14 fw pluto[16617]: | 85 b6 cb 12 ab 66 3b 53
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: sending notification
> PAYLOAD_MALFORMED to X.X.192.141:500
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: Main mode peer ID is
> ID_IPV4_ADDR: 'X.X.192.141'
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: transition from
> state STATE_MAIN_I3 to state STATE_MAIN_I4
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: STATE_MAIN_I4:
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: Dead Peer Detection
> (RFC 3706): not enabled because peer did not advertise it
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #4: initiating Quick
> Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: ignoring
> informational payload, type NO_PROPOSAL_CHOSEN
> Mar 28 13:58:14 fw pluto[16617]: "MyConnection" #2: received and ignored
> informational message
>
>
>
> And config:
>
> config setup
> interfaces="ipsec0=eth0"
> syslog=auth.debug
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=all
> plutodebug=none
>
>
> # Add connections here.
>
> conn MyConnection
> authby=secret
> #auto=start
> auto=start
> dpddelay=3
> dpdtimeout=120
> dpdaction=restart
> rekey =yes
> #keyingtries=3
> keylife=30m
> ikelifetime=30m
> left=X.X.44.166
> leftnexthop=%direct
> leftsubnet=X.X.46.204/32
> pfs=yes
> right=X.X.192.141
> rightid=X.X.192.141
> rightnexthop=%direct
> rightsubnet=X.X.192.68/32
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070328/6dd954a8/attachment.html
More information about the Users
mailing list