[Openswan Users] Installation/setup issues...

Mark Williams mwp at mwp.id.au
Thu Mar 6 10:46:51 EST 2008


On Fri, Mar 7, 2008 at 1:36 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 6 Mar 2008, Peter McGill wrote:
>
>  > I suspect that's due to Opportunistic encryption.
>  >
>  > Try adding the following to your ipsec.conf
>  >
>  > include /etc/ipsec.d/examples/no_oe.conf
>
>  Indeed. Those routes are IP addresses of root nameservers, to
>  limit the time the OE system needs to kick start itself.
>
>  They appear in /etc/ipsec.d/policies/clear

Ok, that fixes the routing issue, thanks.
However, I'm still having the connection issues...

[root@linux sbin]# ./ipsec auto --up cf
104 "cf" #1: STATE_MAIN_I1: initiate
003 "cf" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
003 "cf" #1: received Vendor ID payload [Dead Peer Detection]
003 "cf" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "cf" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "cf" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
108 "cf" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "cf" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "cf" #2: STATE_QUICK_I1: initiate
010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "cf" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "cf" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "cf" #2: starting keying attempt 2 of at most 10, but releasing whack

Oh, I'll add too that an ipsec/l2tp connection from a Windows XP box to
the VPN server from the same NAT'ed LAN as the Linux box I'm trying to
set up the openswan client from works perfectly.

Sigh...

Thanks again,
Mark.

