[Openswan Users] problems with vpn between cisco and openswan

Michael Stevens michael.stevens at dianomi.com
Mon Dec 14 09:58:35 EST 2009


Hi.

I'm trying to run a VPN between one machine running a Cisco ASA, and the
other running Openswan. The Openswan end is under my control.

The Openswan end is a VPS running CentOS 5.4.

The tunnel definition is:

conn tunnelipsec
        type=           tunnel
        authby=         secret
        left=           a.b.c.d
        leftsourceip=   p.q.r.s
        leftnexthop=    %defaultroute
        leftsubnet=     192.168.2.0/24
        right=          l.m.n.o
        rightnexthop=   %defaultroute
        rightsubnet=    ef.f.g.h/24
        ike=            aes128-sha1-modp1024
        esp=            aes128-sha1
        keyexchange=    ike
        pfs=            yes
        auto=           start
        keylife=        86400s

I've obviously censored the IP addresses involved.

I get various messages in the logs; at the moment I'm seeing a lot of:

Dec 14 14:56:11 foo pluto[20102]: "tunnelipsec" #11: ignoring informational payload, type INVALID_SPI msgid=00000000

The VPN works fine for a few hours, then drops. I've not worked out what the
trigger is.

-- 
Michael Stevens
Dianomi Ltd
18 Buckingham Gate
London SW1E 6LB

Tel: 020 7802 5530
Fax: 020 7630 7356
www.dianomi.com

The information in this message and any attachment is intended for the
addressee and is confidential and may be subject to legal privilege. Dianomi
Ltd, Registered Office: One America Square, Crosswall, London. EC3N 2SG.
Registered in England and Wales with Company Registration Number 4513809.
VAT registration number: 809754988