[Openswan Users] Openswan & ISAKMP (OpenBSD) interoperability
Laurent CARON
lcaron at unix-scripts.info
Tue Aug 26 11:25:57 EDT 2008
Hi,
I'm basically trying to setup a VPN between Openswan (Linux) and ISAKMPd
(OpenBSD).
1.2.3.4 the public IP of the linux box
2.3.4.5 the public IP of the bsd box
/etc/ipsec.conf on OpenBSD
ike esp from 10.50.0.0/24 to 192.168.9.0/24 \
peer 1.2.3.4 psk "mynicepassphrase"
/etc/ipsec.conf on Linux
conn lnx-bsd
leftsubnet=192.168.9.0/24
left=1.2.3.4
right=2.3.4.5
rightsubnet=10.50.0.0/24
authby=secret
auto=start
Needless to say there is a matching entry in /etc/ipsec.secrets
1.2.3.4 2.3.4.5 : PSK "mynicepassphrase"
Here are the logs on the BSD side:
Aug 26 17:26:09 fw-001 isakmpd[19145]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 26 17:26:09 fw-001 last message repeated 3 times
Aug 26 17:26:09 fw-001 isakmpd[19145]: message_negotiate_sa: no
compatible proposal found
Aug 26 17:26:09 fw-001 isakmpd[19145]: dropped message from 1.2.3.4 port
500 due to notification type NO_PROPOSAL_CHOSEN
Here are the logs on the Linux side:
Aug 26 22:25:02 jakarta pluto[11508]: packet from 2.3.4.5:500: ignoring
informational payload, type NO_PROPOSAL_CHOSEN
Aug 26 22:25:02 jakarta pluto[11508]: packet from 2.3.4.5:500: received
and ignored informational message
Did anyone set-up such a vpn between ISAKMPd and OpenSwan ?
Thanks
Laurent
More information about the Users
mailing list