[Openswan Users] Openswan and Netgear SRXN3205

Paul Wouters paul at xelerance.com
Thu Aug 27 19:09:19 EDT 2009


On Thu, 27 Aug 2009, JT Edwards wrote:

> 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: ignoring unknown 
> Vendor ID payload [810fa565f8ab14369105d706fbd57279]
> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: ignoring 
> unknown Vendor ID payload [3b9031dce4fcf88b489a923963dd0c49]
> Aug 27 15:17:46 wizzer8 pluto[12887]: packet from 22.210.33.11:500: initial 
> Aggressive Mode message from 22.210.33.11 but no (wildcard) connection has 
> been configured with policy=PSK
>
> Both sides have the PSK identified

But apparently you do not have aggressive mode enabled and the other end is
asking for it.

> conn net-to-net
>   left=11.231.29.12
>   leftsubnet=192.168.1.0/24
>   leftnexthop=%defaultroute
>   right=22.210.33.11
>   rightsubnet=192.168.122.0/24
>   rightnexthop=%defaultroute
>   auto=add                       # authorizes but doesn't start this
>                                  # connection at startup
>   authby=secret

Do NOT put blank comment lines in the middle of a section, it will mean the
section ended. So now your authby=secret is not part of "conn net-to-net".
So remove the "# connection at startup" line.

And add aggrmode=yes as the other end apparently is expecting that.

Paul
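
An added example, not part of the original message and not Openswan code: a small Python check that applies the rule stated in the reply (a blank or comment-only line ends a section) to an ipsec.conf and reports parameters left outside their conn. The function name `find_orphaned_params` is hypothetical, and the sample input is the quoted configuration from this thread.

```python
import re

# A section header starts in column 0: "conn <name>" or "config <name>".
SECTION_RE = re.compile(r"^(conn|config)\s+(\S+)")

# Sample input: the conn section quoted in the thread above.
SAMPLE = """\
conn net-to-net
  left=11.231.29.12
  leftsubnet=192.168.1.0/24
  leftnexthop=%defaultroute
  right=22.210.33.11
  rightsubnet=192.168.122.0/24
  rightnexthop=%defaultroute
  auto=add                       # authorizes but doesn't start this
                                 # connection at startup
  authby=secret
"""

def find_orphaned_params(text):
    """Return (line_no, section, parameter, break_line) for every indented
    parameter that follows a blank or comment-only line inside a section.
    Assumption (from the reply): such a line ends the section."""
    findings = []
    section = None    # name of the section most recently opened
    broken_at = None  # line number of the first blank/comment-only line in it
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        header = SECTION_RE.match(raw)
        if header:
            section, broken_at = header.group(2), None
        elif section is None:
            continue                      # outside any section
        elif stripped == "" or stripped.startswith("#"):
            if broken_at is None:
                broken_at = no            # section is considered ended here
        elif raw[0] in " \t":
            if broken_at is not None:     # parameter after the break
                findings.append((no, section, stripped, broken_at))
        else:
            section, broken_at = None, None  # other column-0 text closes it
    return findings

if __name__ == "__main__":
    for no, section, param, brk in find_orphaned_params(SAMPLE):
        print(f"line {no}: '{param}' is no longer part of conn {section} "
              f"(section ended at line {brk})")
```

A trailing comment on a parameter line, such as the one after `auto=add`, is not flagged; only lines that contain nothing but whitespace or a comment count as a break.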

