[Openswan Users] Aggressive Mode Not Working?
czimmer at wczimmerman.dyndns.org
Tue Aug 12 22:36:25 EDT 2008
I have been trying to set up a tunnel between Linux and a Watchguard device
for some time now.
Linux=Ubuntu Gutsy with OpenSWAN 2.4.6 (from the repositories)
Watchguard=Firebox running 10.2
I can successfully build a Main Mode tunnel and ping across. My need is for
a tunnel when I'm on the road, hence the need for Aggressive mode. If I
duplicate my settings from main mode on both ends but change to use
aggressive mode the tunnel times out in the build. I have a snippet below
for what I think may be part of the cause, but I don't know what to make of
Aug 12 19:22:09 zp1 pluto: "watchguard-mobile" #1: initiating Aggressive Mode #1, connection "watchguard-mobile"
Aug 12 19:22:09 zp1 pluto: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Aug 12 19:22:09 zp1 pluto: | asking helper 0 to do build_kenonce op on seq: 1
Aug 12 19:22:09 zp1 pluto: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Aug 12 19:22:09 zp1 pluto: ! helper -1 doing build_kenonce op id: 1
Aug 12 19:22:09 zp1 pluto: | next event EVENT_PENDING_PHASE2 in 113
Here's my ipsec.conf:
# Add connections here
#Disable Opportunistic Encryption
In my main mode config, I have NAT-T enabled because I'm behind a firewall.
For my mobile config, I'm using a cellular aircard, so NAT-T is disabled on
ANY assistance would be appreciated!