[Openswan Users] Connecting to Checkpoint VPN-1
Eugene Kotlyarov
e.kotlyarov at gmail.com
Sat Apr 4 05:27:40 EDT 2009
Hi
Kerese Péter wrote:
> Use ipsec auto --add and ipsec auto --up to establish the connection and
> watch the logs. If you cannot figure out what can be wrong then you can
> increase the debug level with ipsec whack to the specified tunnel only or
> just simply look for the word 'known' since checkpoint likes to offer
> different netmasks and openswan selects the connection based on the
> proposal.
>
Thanks for recommendations!
But I have the following problem. Do you know why this could be?
Does this mean that ike parameter is right and esp parameter is wrong?
Is there a way to find out what parameters to use from configuration of
Securemote client on windows if I have working connection there?
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1:
initiating Main Mode
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1:
enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1:
STATE_MAIN_I2: sent MI2, expecting MR2
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1: more
than 20 payloads in message; ignored
Apr 4 13:16:25 ekot-desktop pluto[12543]: | payload malformed after IV
Apr 4 13:16:25 ekot-desktop pluto[12543]: |
Apr 4 13:16:25 ekot-desktop pluto[12543]: "checkpoint-openswan" #1: sending
notification PAYLOAD_MALFORMED to xxx.xxx.xxx.xxx:500
Apr 4 13:16:27 ekot-desktop pluto[12543]: "checkpoint-openswan" #1: more
than 20 payloads in message; ignored
Apr 4 13:16:27 ekot-desktop pluto[12543]: | payload malformed after IV
More information about the Users
mailing list