[Openswan Users] STATE_MAIN_I3 failed: INVALID_ID_INFORMATION

Peter McGill petermcgill at goco.net
Fri Jun 13 10:31:30 EDT 2008


Tharanga,

Although this isn't the cause of your problem, you should set plutodebug=none.
plutodebug only results in hiding the useful (to users) log info in a mountain
of developer debug info, which isn't helpful for most cases. It also fills your
logs and hard disk...

I suspect the cause of your trouble is leftid= and rightid= which you're missing
from your conn definition. They default to left= and right= respectively and
must match what is set on the other side (cisco pix). I'm not sure what the
corresponding cisco pix values are, but if you refer to the connection or
endpoints by name anywhere in the pix config, try putting those names in the
left/rightid= values.

It could also be your missing rightsubnet= which also defaults to right=
(i.e. no subnet, just the server). Is this really what you want? Again the
subnet lines must match the subnets set on the cisco pix.

Which side is the cisco pix (right?) and left is openswan?
This would be the recommended setup, for consistency and help on the list,
use left = local (openswan) and right = remote (other end, openswan or other).

You can add comments to your config to make it clear to yourself and others, e.g.:
	left=203.94.xx.xx # openswan
	right=194.247.yy.yy # cisco pix

If you're still having trouble, try sending more info including cisco pix config.

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Tharanga
> Sent: June 12, 2008 10:42 PM
> To: users at openswan.org
> Subject: [Openswan Users] STATE_MAIN_I3 failed: INVALID_ID_INFORMATION
> 
> Hi all,
> 
> I am connecting to my provider via IPsec. I have enabled (both parties)
> 3DES, SHA1, and DH group 5, with a preshared key. (I am connecting to a
> cisco pix)
> 
> but when I try to establish a connection it says
> 
> Notify Message Type: INVALID_ID_INFORMATION
> 
> 
> my ipsec.conf looks like this.
> 
> config setup
>          interfaces="ipsec0=eth1"
>          plutodebug= all
>           klipsdebug= none
> 
> 
> conn tunnelipsec
>         type=tunnel
>         authby=secret
>         #keyingtries=2
>         aggrmode=no
>         left=203.94.xx.xx
>         leftnexthop=203.94.xx.y
>         leftsubnet=147.120.0.0/24
>         right=194.247.yy.yy
>         esp=3des-sha1
>         ike=3des-sha1-modp1536
>         keyexchange=ike
>         #compress=yes
>         #xauth=yes
>         pfs=no
>         auto=start
> 
> pls let me know what is missing in this config.
> 
> many thanks,
> Tharanga
> 
> 



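The defaults described in the reply above can be made visible before comparing against the peer's configuration. The following is an added example, not part of the original message or of Openswan: a small parser that reads a conn section and reports the effective leftid/rightid and subnets, flagging the ones that were left to default. The function names are hypothetical, the sample is the conn from the quoted message with its masked addresses kept as posted, and rendering "just the server" as a /32 assumes left= and right= are IPv4 literals.

```python
import re

# Sample input: the conn from the quoted message (addresses masked as posted),
# with the comments suggested in the reply.
SAMPLE_CONF = """\
conn tunnelipsec
        type=tunnel
        authby=secret
        left=203.94.xx.xx     # openswan
        leftnexthop=203.94.xx.y
        leftsubnet=147.120.0.0/24
        right=194.247.yy.yy   # cisco pix
        #xauth=yes
        auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        # Drop whole-line and trailing comments.
        line = re.sub(r"\s+#.*$|^\s*#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conn):
    """Apply the defaults from the reply: id -> address, subnet -> host only."""
    out, defaulted = {}, []
    for side in ("left", "right"):
        addr = conn[side]
        # Assumption: addr is an IPv4 literal, so "host only" is addr/32.
        for key, default in ((side + "id", addr), (side + "subnet", addr + "/32")):
            if key not in conn:
                defaulted.append(key)
            out[key] = conn.get(key, default)
    return out, defaulted

if __name__ == "__main__":
    values, defaulted = effective(parse_conns(SAMPLE_CONF)["tunnelipsec"])
    for key, value in values.items():
        note = "  <- defaulted, confirm against the peer" if key in defaulted else ""
        print(f"{key:12} {value}{note}")
```

Each value it prints is what the other end has to agree with, so the defaulted lines are the first ones to check against the peer's identity and traffic selector settings.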