[Openswan Users] openswan ipsec fos_start

Vieri rentorbuy at yahoo.com
Fri May 18 05:49:39 EDT 2007


Hi,

I established an IPsec tunnel between openswan and a
remote Cisco device.

As you can see from the links I'm posting below, the
negotiation reaches STATE_MAIN_I4 (ISAKMP SA
established).

However, even after the tunnel is up, I can see
messages of type NO_PROPOSAL_CHOSEN and if I try to
ping a remote host at 150.2.101.89 from openswan's
local IP 10.215.144.92 I get a fos_start.
According to
http://archives.free.net.ph/message/20070221.014329.1fb781ba.en.html
there are
known issues regarding "recent" 2.6 kernels with
netkey but I'm using 2.6.16. Also, I've established
other IPsec tunnels between the same openswan server
and other openswan peers and pings go through
normally.

So it's probably because of the NO_PROPOSAL_CHOSEN but
I don't know what it refers to.

May 18 10:02:11 gw1 pluto[2608]: "ge-fhm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 18 10:02:11 gw1 pluto[2608]: "ge-fhm" #1: received and ignored informational message
May 18 10:02:20 gw1 pluto[2608]: initiate on demand from 10.215.144.92:0 to 150.2.101.89:0 proto=0 state: fos_start because: acquire
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #1: received and ignored informational message

ipsec auto --status:
https://fhm.zapto.org/GEVPN/status_ge.txt

ipsec barf:
https://fhm.zapto.org/GEVPN/barf_ge.txt

I'd appreciate suggestions.

Vieri
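
Added example, not part of the original post and not Openswan code: a Python triage helper that pairs each Quick Mode initiation in a pluto log with a peer notification arriving on its parent ISAKMP SA shortly afterwards, which in IKEv1 is how a peer rejects the Phase 2 (IPsec SA) proposal while Phase 1 stays up. The function name, the 10-second window and the year default are assumptions; the sample lines are the ones from the post, unwrapped.

```python
import re
from datetime import datetime, timedelta

# Log lines from the post, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
May 18 10:02:11 gw1 pluto[2608]: "ge-fhm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 18 10:02:11 gw1 pluto[2608]: "ge-fhm" #1: received and ignored informational message
May 18 10:02:20 gw1 pluto[2608]: initiate on demand from 10.215.144.92:0 to 150.2.101.89:0 proto=0 state: fos_start because: acquire
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 18 10:02:20 gw1 pluto[2608]: "ge-fhm" #1: received and ignored informational message
"""

LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
QUICK = re.compile(r'initiating Quick Mode .*\{using isakmp#(\d+)\}')
NOTIFY = re.compile(r'ignoring informational payload, type (\w+)')

def rejected_quick_modes(log, year=2007, window=timedelta(seconds=10)):
    """Return (findings, unmatched): notifications paired with a Quick Mode
    exchange on the same connection and ISAKMP SA, and those with no pair."""
    pending, findings, unmatched = [], [], []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # no connection name / state number, e.g. "initiate on demand"
        # syslog timestamps carry no year; supply one so deltas can be computed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn, state, msg = m.group(2), int(m.group(3)), m.group(4)
        q = QUICK.search(msg)
        if q:  # remember (time, connection, quick-mode state, parent ISAKMP state)
            pending.append((ts, conn, state, int(q.group(1))))
            continue
        n = NOTIFY.search(msg)
        if not n:
            continue
        hit = next((p for p in pending
                    if p[1] == conn and p[3] == state and ts - p[0] <= window), None)
        if hit:
            pending.remove(hit)
            findings.append({"conn": conn, "quick_mode": hit[2], "isakmp": state,
                             "notify": n.group(1), "time": m.group(1)})
        else:
            unmatched.append((m.group(1), conn, state, n.group(1)))
    return findings, unmatched

if __name__ == "__main__":
    found, loose = rejected_quick_modes(SAMPLE_LOG)
    for f in found:
        print(f'{f["time"]} "{f["conn"]}": Quick Mode #{f["quick_mode"]} answered with {f["notify"]}')
    print(f"{len(loose)} notification(s) with no Quick Mode initiation in this excerpt")
```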



       