[Openswan Users] Openswan & ISAKMP (OpenBSD) interoperability
Laurent CARON
lcaron at unix-scripts.info
Tue Aug 26 13:14:18 EDT 2008
Peter McGill wrote:
> Laurent,
>
> The error you're getting is caused by configuration mismatch.
>
> I've never attempted with isakmpd myself, but from the
> isakmpd ipsec.conf man page, I would suggest the following:
>
> OpenBSD ipsec.conf:
> ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer 1.2.3.4 \
>     main auth hmac-sha1 enc aes group modp1024 \
>     quick auth hmac-sha1 enc aes group modp1024 \
>     psk "mynicepassphrase"
>
> Linux ipsec.conf:
> conn lnx-bsd
>     left=1.2.3.4
>     leftsubnet=192.168.9.0/24
>     right=2.3.4.5
>     rightsubnet=10.50.0.0/24
>     ike=aes-sha1;modp1024
>     esp=aes-sha1
>     pfs=yes
>     authby=secret
>     auto=start
>
Thanks,
I just tried it:
Had to change:
ike=aes-sha1-modp1024
on the linux box (; to -)
Linux log:
lnx-bsd" #2: STATE_MAIN_I3: sent MI3, expecting MR3
doesn't go further
bsd logs:
Aug 26 19:14:01 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED
Aug 26 19:14:10 fw-001 isakmpd[24011]: message_parse_payloads: reserved field non-zero: e4
Aug 26 19:14:10 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED
Aug 26 19:14:31 fw-001 isakmpd[24011]: message_parse_payloads: reserved field non-zero: e4
Aug 26 19:14:31 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED
Seems a parameter is bad somewhere :(
Laurent
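
Added example, not part of the original thread and not isakmpd's own code: a minimal walker for the RFC 2408 generic payload header (next payload, reserved, length) that applies the same reserved-byte check reported in the BSD log above. In IKEv1 main mode the third initiator message (MI3) is encrypted, so a non-zero reserved byte at that stage generally means the responder decrypted it with different keying material than the sender used, a mismatched pre-shared key being a common cause. Both sample buffers, the function names and the exception class are constructed for illustration.

```python
import struct

# Payload type numbers from RFC 2408 section 3.1 (subset).
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE"}


class PayloadMalformed(Exception):
    """Hypothetical exception standing in for the PAYLOAD_MALFORMED notify."""


def walk_payloads(first_type, body):
    """Walk the payload chain in a decrypted ISAKMP message body.

    first_type is the Next Payload value from the fixed ISAKMP header.
    Returns a list of (payload name, payload body) tuples.
    """
    found, offset, ptype = [], 0, first_type
    while ptype != 0:
        if len(body) - offset < 4:
            raise PayloadMalformed("truncated generic payload header")
        next_type, reserved, length = struct.unpack_from("!BBH", body, offset)
        # RFC 2408 requires the RESERVED byte to be zero.
        if reserved != 0:
            raise PayloadMalformed("reserved field non-zero: %02x" % reserved)
        if length < 4 or offset + length > len(body):
            raise PayloadMalformed("bad payload length %d" % length)
        name = PAYLOAD_NAMES.get(ptype, str(ptype))
        found.append((name, body[offset + 4:offset + length]))
        offset, ptype = offset + length, next_type
    return found


def diagnose(first_type, body):
    """Return a one-line verdict for a decrypted message body."""
    try:
        return "ok: " + ", ".join(n for n, _ in walk_payloads(first_type, body))
    except PayloadMalformed as exc:
        return "PAYLOAD_MALFORMED: %s" % exc


# Constructed plaintext of a well-formed MI3: ID (IPv4 1.2.3.4) then HASH.
GOOD_MI3 = (struct.pack("!BBH", 8, 0, 12) + bytes([1, 0, 0, 0, 1, 2, 3, 4])
            + struct.pack("!BBH", 0, 0, 24) + bytes(20))
# Constructed bytes standing in for a body decrypted with the wrong key.
GARBAGE = bytes.fromhex("3be4915c7702a8d1")

if __name__ == "__main__":
    print(diagnose(5, GOOD_MI3))
    print(diagnose(5, GARBAGE))
```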