[Openswan Users] openswan+netkey <-> racoon on linux
Peter Rosenthal
voiperster at gmail.com
Tue Jul 15 22:48:54 EDT 2008
Hello,
With the release of openswan-2.6.14 on RHEL5 I have converted a couple of my
boxes to use it instead of racoon.
Unfortunately I have had zero luck in getting openswan to connect a tunnel
to racoon on a RHEL4 box. Openswan receives notification that no proposal
was accepted while racoon says:
Jul 15 22:39:28 hydrogen racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jul 15 22:39:28 hydrogen racoon: INFO: ISAKMP-SA established A.A.A.A[500]-B.B.B.B[500] spi:cfa1fcf5e06c7a27:2f6faeb747e5944b
Jul 15 22:39:28 hydrogen racoon: INFO: respond new phase 2 negotiation: A.A.A.A[0]<=>B.B.B.B[0]
Jul 15 22:39:28 hydrogen racoon: ERROR: not matched
Jul 15 22:39:28 hydrogen racoon: ERROR: no suitable policy found.
Jul 15 22:39:28 hydrogen racoon: ERROR: failed to pre-process packet.
setkey on openswan says:
172.16.0.0/24[any] 192.168.40.0/24[any] any
out prio high + 1073739480 ipsec
esp/transport//require
created: Jul 16 02:45:12 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=5193 seq=14 pid=9375
refcnt=1
While on the racoon box it says:
192.168.40.0/24[any] 172.16.0.0/24[any] any
out ipsec
esp/tunnel/A.A.A.A-B.B.B.B/require
ah/tunnel/A.A.A.A-B.B.B.B/require
created: Jul 15 20:44:29 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=785 seq=20 pid=13338
refcnt=1
172.16.0.0/24[any] 192.168.40.0/24[any] any
fwd ipsec
esp/tunnel/B.B.B.B-A.A.A.A/require
ah/tunnel/B.B.B.B-A.A.A.A/require
created: Jul 15 20:44:29 2008 lastused:
lifetime: 0(s) validtime: 0(s)
spid=802 seq=16 pid=13338
refcnt=1