[Openswan Users] Why won't the tunnel come up? (Was: Config file Question.)

Paul Wouters paul at xelerance.com
Mon Feb 23 12:45:23 EST 2009


On Mon, 23 Feb 2009, Magnus Holmberg wrote:

> Just received an e-mail saying that they use 256 bit so I changed the config to:
> 
> ike=aes256-sha1-modp1024
> esp=aes256-sha1
> 
> Now it seems to pass step 1 and in it stays with:
> 
> Feb 23 17:05:41 fw pluto[19900]: "VPN" #17: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #16
> {using isakmp#3}
> Feb 23 17:06:51 fw pluto[19900]: "VPN" #17: max number of retransmissions (2) reached STATE_QUICK_I1.  No
> acceptable response to our first Quick Mode message: perhaps peer likes no proposal
> Feb 23 17:06:51 fw pluto[19900]: "VPN" #17: starting keying attempt 12 of an unlimited number
> Feb 23 17:06:51 fw pluto[19900]: "VPN" #18: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #17
> {using isakmp#3}
> 
> What could be the problem here? Is there some more debug info I can turn on?

Not much, since the other end is rejecting the connection and not telling you why.
Ask for the logs on the other end.

Are you sure they want modp1024? 1536 or 2048 is more likely these days.

Paul

