[Openswan Users] Tunnel not starting

Paul Wouters paul at xelerance.com
Wed May 28 18:15:47 EDT 2008

On Wed, 28 May 2008, Arjun Datta wrote:

> This is a FreeSWAN version 2.0 question concerning a pre-existing setup
> I have been asked to maintain.  Before anyone asks, I cannot upgrade the
> ipsec version as yet to openswan and and so am stuck using freeswan for
> now =)  (I know, I know, it's super old)

It is. I wouldnt call it secure at this point.

>         # (manual) base for SPI numbering; must end in 0
>         spibase=0x520

Why are you using manual keying? In fact you sort of are not.
>         # (auto) key-exchange type
>         keyexchange=ike
>         # (auto) key lifetime (before automatic rekeying)
>         keylife=8h
>         # (auto) how persistent to be in (re)keying negotiations (0
> means very)
>         keyingtries=0
>         auto=start

Because this says you are using automatic keying.

> When I try to (re)start the connection,
> left side says:

> 000 #25: "corp-atlantat1" STATE_MAIN_I1 (sent MI1, expecting MR1);

> Is this because right is freeswan 2.0 and left is freeswan 1.0 ?

Who knows with relics software like that. Normally, I would say
this is a firewall issue. You send 1 packet, the other end receives
0 packets.

Unless you work on the space shuttle or phoenix program though, I
would phase out freeswan ASAP.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list