[Openswan Users] problems with vpn between cisco and openswan

Michael Stevens michael.stevens at dianomi.com
Mon Dec 14 09:58:35 EST 2009


I'm trying to run a VPN between one machine running a Cisco ASA and the
other running Openswan. The Openswan end is under my control.

The Openswan end is a VPS running CentOS 5.4.

The tunnel definition is:

conn tunnelipsec
        type=           tunnel
        authby=         secret
        left=           a.b.c.d
        leftsourceip=   p.q.r.s
        leftnexthop=    %defaultroute
        right=          l.m.n.o
        rightnexthop=   %defaultroute
        rightsubnet=    ef.f.g.h/24
        ike=            aes128-sha1-modp1024
        esp=            aes128-sha1
        keyexchange=    ike
        pfs=            yes
        auto=           start
        keylife=        86400s

I've obviously censored the IP addresses involved.

I get various messages in the logs; at the moment I'm seeing a lot of:

Dec 14 14:56:11 foo pluto[20102]: "tunnelipsec" #11: ignoring informational payload, type INVALID_SPI msgid=00000000

The VPN works fine for a few hours, then drops. I've not worked out what the
trigger is.

Michael Stevens
Dianomi Ltd
18 Buckingham Gate
London SW1E 6LB

Tel: 020 7802 5530
Fax: 020 7630 7356

The information in this message and any attachment is intended for the
addressee and is confidential and may be subject to legal privilege. Dianomi
Ltd, Registered Office: One America Square, Crosswall, London. EC3N 2SG.
Registered in England and Wales with Company Registration Number 4513809.
VAT registration number: 809754988