[Openswan Users] OpenSwan's vendor ID field

Rolando Zappacosta zappacor at yahoo.com.ar
Wed Feb 27 06:09:00 EST 2008 

Hi Paul,

First of all, lots of thanks for your response and
help!!!! I really appreciate it!!!

Now, I could get to conclude the Vendor ID was not the
root cause, or at least that seems to be the case
(I'll give it a try anyways).

The problem is now OpenSwan rejects the Hash payload
received from the server even though the PSK is
definitively the right one. Sorry for what can be a
stupid question, but what else could cause OpenSwan to
reject the hash (I attached the pluto full debug trace
and the traffic capture):

Feb 24 11:42:26 HostName pluto[2712]: | started
looking for secret for !@#$%-><Server's IP was here>
of kind PPK_PSK
Feb 24 11:42:26 HostName pluto[2712]: | actually
looking for secret for !@#$%-><Server's IP was here>
of kind PPK_PSK
Feb 24 11:42:26 HostName pluto[2712]: | 1: compared
PSK <Server's IP was here> to !@#$% / <Server's IP was
here> -> 2
Feb 24 11:42:26 HostName pluto[2712]: | 2: compared
PSK !@#$% to !@#$% / <Server's IP was here> -> 6
Feb 24 11:42:26 HostName pluto[2712]: | best_match 0>6
best=0x8108060 (line=1)
Feb 24 11:42:26 HostName pluto[2712]: | concluding
with best_match=6 best=0x8108060 (lineno=1)
Feb 24 11:42:26 HostName pluto[2712]: | ******parse
ISAKMP Oakley attribute:
Feb 24 11:42:26 HostName pluto[2712]: |    af+type:
OAKLEY_GROUP_DESCRIPTION
Feb 24 11:42:26 HostName pluto[2712]: |   
length/value: 2
Feb 24 11:42:26 HostName pluto[2712]: |    [2 is
OAKLEY_GROUP_MODP1024]
Feb 24 11:42:26 HostName pluto[2712]: | Oakley
Transform 0 accepted
Feb 24 11:42:26 HostName pluto[2712]: | ICOOKIE:  ef
93 f6 75  d3 f5 72 c9
Feb 24 11:42:26 HostName pluto[2712]: | RCOOKIE:  00
00 00 00  00 00 00 00
Feb 24 11:42:26 HostName pluto[2712]: | peer:  87 f4
3f fe
Feb 24 11:42:26 HostName pluto[2712]: | state hash
entry 4
Feb 24 11:42:26 HostName pluto[2712]: | ICOOKIE:  ef
93 f6 75  d3 f5 72 c9
Feb 24 11:42:26 HostName pluto[2712]: | RCOOKIE:  fd
8d 7b 2d  b4 90 dd f4
Feb 24 11:42:26 HostName pluto[2712]: | peer:  87 f4
3f fe
Feb 24 11:42:26 HostName pluto[2712]: | state hash
entry 1
Feb 24 11:42:26 HostName pluto[2712]: | started
looking for secret for !@#$%-><Server's IP was here>
of kind PPK_PSK
Feb 24 11:42:26 HostName pluto[2712]: | actually
looking for secret for !@#$%-><Server's IP was here>
of kind PPK_PSK
Feb 24 11:42:26 HostName pluto[2712]: | 1: compared
PSK <Server's IP was here> to !@#$% / <Server's IP was
here> -> 2
Feb 24 11:42:26 HostName pluto[2712]: | 2: compared
PSK !@#$% to !@#$% / <Server's IP was here> -> 6
Feb 24 11:42:26 HostName pluto[2712]: | best_match 0>6
best=0x8108060 (line=1)
Feb 24 11:42:26 HostName pluto[2712]: | concluding
with best_match=6 best=0x8108060 (lineno=1)
Feb 24 11:42:26 HostName pluto[2712]: "Intranet" #1:
Aggressive mode peer ID is ID_IPV4_ADDR: '<Server's IP
was here>'
Feb 24 11:42:26 HostName pluto[2712]: "Intranet" #1:
received Hash Payload does not match computed value
Feb 24 11:42:26 HostName pluto[2712]: | complete state
transition with (null)
Feb 24 11:42:26 HostName pluto[2712]: "Intranet" #1:
sending notification INVALID_HASH_INFORMATION to
<Server's IP was here>:500


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Wednesday, February 27, 2008 11:53 AM
To: ZAPPACOSTA, Rolando (Rolando)
Subject: Re: OpenSwan's vendor ID field

On Fri, 22 Feb 2008, Rolando J. Zappacosta wrote:

>
> 	I saw a post from you
>
(http://lists.openswan.org/pipermail/users/2007-November/013599.html)
and I'm
> facing the same issue: I need to change the vendor
ID to match the one the
> server expects (it's a Lucent FW).
>
> 	Did you succed to change it? In case yes, how?

I just replied to someone asking a related question. 

You can change the vendor, but it is not a runtime
option. Check:

programs/pluto/vendor.c: init_vendorid()
programs/pluto/ipsec_doi.c: init_pluto_vendorid()

Paul
-- 
Building and integrating Virtual Private Networks with
Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ISAKMP-linux-pluto-2.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20080227/8e278035/attachment-0002.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ISAKMP-linux-capture-2.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20080227/8e278035/attachment-0003.txt

More information about the Users mailing list