[Openswan Users] Trying to use linux as VPN client

Sebastiaan van Erk sebster at sebster.com
Thu Nov 20 13:34:14 EST 2008


Hi,

Thanks for the answer, and I figured as much, however I don't know what
part of the proposal the other end does not like... Also, I'm a bit of a
newbie, so I don't know what the STATE_QUICK_I1 means; does it mean that
something succeeded (the STATE_AGGR_I2 stuff)? It already took me a
couple hours to actually get it that far, at first that was failing too...

In GTA client I have the following settings under "Phase 1
(Authentication)" (other than my preshared key and remote gateway):

IKE:
Encryption AES192, Authentication: SHA, Key Group: DH1024.

Under "Advanced" it has:
Aggressive mode enabled, NAT-T: Automatic (vs Disabled)
Local id: Type: email, value: sebster at sebster.com
Remote id: Type IP, value: the ipsec gateway

In GTA client I have the following settings under "Phase 2 (IPSec
Configuration)":

ESP
Encryption: AES192, Authentication: SHA, Mode: Tunnel (oops, in my
config file I had mode transport, so I guess that's wrong, fixed it now
and put it on mode tunnel, but it still gives the same output).

PFS is checked, Group DH1024

Those are all the options available.

Is there a good way to debug this? I guess it's part of the security
that the other hand just plain says nothing instead of saying what's wrong.

Regards,
Sebastiaan




Paul Wouters wrote:
> On Thu, 20 Nov 2008, Sebastiaan van Erk wrote:
> 
>> $ ipsec auto --up relate
>> 112 "relate" #1: STATE_AGGR_I1: initiate
>> 003 "relate" #1: received Vendor ID payload [Dead Peer Detection]
>> 004 "relate" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established
>> {auth=OAKLEY_PRESHARED_KEY cipher=aes_192 prf=oakley_sha group=modp1024}
>> 117 "relate" #2: STATE_QUICK_I1: initiate
>> 010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
>> 010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
> 
> The other end does not like your proposal. You need to figure out what it is
> expecting from you.
> 
> Paul
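
Added example (not part of the original post and not Openswan code): a small parser for the `ipsec auto --up` status lines quoted in the thread, reporting how far IKE Phase 1 and Phase 2 each got. The function name `summarize` and the result keys are hypothetical; the sample is the thread's quoted output with the quote markers removed.

```python
import re

# Status line layout: 3-digit code, "connection", #state-serial, STATE_x: text
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (STATE_\w+): (.*)$')
PARAMS = re.compile(r'\{([^}]*)\}')

# Constructed sample: the output quoted in the thread, quote markers removed.
SAMPLE = '''\
112 "relate" #1: STATE_AGGR_I1: initiate
003 "relate" #1: received Vendor ID payload [Dead Peer Detection]
004 "relate" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_192 prf=oakley_sha group=modp1024}
117 "relate" #2: STATE_QUICK_I1: initiate
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
'''

def summarize(output):
    """Classify how far IKE Phase 1 and Phase 2 got in one attempt."""
    # Re-join a "{...}" parameter line that mail wrapping split off.
    joined = re.sub(r'\n\s*\{', ' {', output)
    r = {"phase1": "not started", "phase2": "not started",
         "phase1_params": {}, "phase2_retransmits": 0}
    for line in joined.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # e.g. Vendor ID notices carry no STATE_ token
        state, text = m.group(4), m.group(5)
        if state.startswith(("STATE_MAIN_", "STATE_AGGR_")):
            phase = "phase1"   # ISAKMP SA negotiation (main or aggressive mode)
        elif state.startswith("STATE_QUICK_"):
            phase = "phase2"   # Quick Mode: IPsec SA negotiation
        else:
            continue
        if "SA established" in text:
            r[phase] = "established"
            p = PARAMS.search(text)
            if phase == "phase1" and p:
                r["phase1_params"] = dict(kv.split("=", 1) for kv in p.group(1).split())
        elif "retransmission" in text:
            r[phase] = "no response from peer"
            r["phase2_retransmits"] += phase == "phase2"
        elif r[phase] == "not started":
            r[phase] = "initiated"
    return r
```

On the quoted output this reports Phase 1 as established with the negotiated parameters, and Phase 2 as sent but unanswered after two retransmissions.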