[Openswan Users] Connection against a Lucent FW success!!!! but may be there's still room for improvement

Paul Wouters paul at xelerance.com
Tue Sep 9 14:20:39 EDT 2008

On Tue, 9 Sep 2008, Rolando Zappacosta wrote:

>  just have this finally working!!!! :-))  I'll post a howto on it, I promess. Now, and as I get this:
> RJZ-LNX pluto # ipsec auto --up Intranet
> 112 "Intranet" #1: STATE_AGGR_I1: initiate
> 003 "Intranet" #1: ignoring unknown Vendor ID payload [4c5647392e322e3234353a425249434b3a392e322e323435]

If you have the logs from the lucent side, to see what vendorid is logged
on their side, I'd be interested so we can add it to our own recognised
vendor list (and possible take action based on it)

> I wonder if I should do something else because of these ones:
>  1) 003 "Intranet" #1: discarding duplicate packet; already STATE_XAUTH_I1
>  2) 003 "Intranet" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME

Looks like a resend, you can ignore it.

> and this one from pluto's debug:
>  3) "Intranet" #1: XAUTH: Unsupported attribute: INTERNAL_ADDRESS_EXPIRY

You can also ignore this. Openswan does not support INTERNAL_ADDRESS_EXPIRY,
so it wont drop the IP address or ask for a new one.


More information about the Users mailing list