[Openswan Users] Nokia E71 VPN OpenSwan Problem IPSec (BAD_PROPOSAL_SYNTAX)

lists+openswan at roth.lu lists+openswan at roth.lu
Mon Jul 13 13:01:23 EDT 2009


Hi there,
just wanted to draw your attention to Bug #1048 this way ;-)
https://gsoc.xelerance.com/issues/1048

My Nokia E71 cannot connect to OpenSwan probably because of a
BAD_PROPOSAL_SYNTAX problem.
There are articles out there that people use the device successfully.

So, anyone got an idea what could be wrong?

First, there is a
mark5 pluto17593: "e71-psk"[4] 77.23.XXX #7: no Phase1 state for Quick
mode notification
mark5 pluto17593: | state transition function for STATE_QUICK_R0 failed:
BAD_PROPOSAL_SYNTAX

Then, XAUTH succeeds and then it does over and over again the following:

Jul 12 23:22:22 mark5 pluto17593: "e71-psk"[4] 77.23.XXX #6: Quick Mode
I1 message is unacceptable because it uses a previously used Message ID
0x69781210 (perhaps this is a duplicated packet)
Jul 12 23:22:22 mark5 pluto17593: "e71-psk"[4] 77.23.XXX #6: sending
encrypted notification INVALID_MESSAGE_ID to 77.23.20.169:4500

:-(

Client: Nokia E71 210.21.006
I have tried these 2 versions of the VPN client on my phone:
[ ] MVPN_S60_v3_1_080407.sisx
[ ] MVPN_S60_v3_1_080826.sisx
[X] mVPN_S60_v3_1_081222.SISX
[ ] mVPN_S60_v3_1_090227.SISX
[X] mVPN_S60_v3_1_090519.SISX

Server: Linux Openswan U2.4.6/K2.6.24-etchnhalf.1-686 (netkey)

conn e71-psk # Key exchange
ike=aes256-sha1-modp1536 # Data exchange
esp=aes256-sha1 # Authentication method PSK
authby=secret
auto=add
keyingtries=3
rekey=no
pfs=no # Modeconfig setting
modecfgpull=yes # local endpoint
left=88.XXXXX
##leftnexthop=%defaultroute
leftxauthserver=yes
leftmodecfgserver=yes
leftsourceip=10.28.39.1
leftsubnet=0.0.0.0/0 # remote endpoint
right=%any
rightxauthclient=yes
rightmodecfgclient=yes
rightsourceip=10.28.39.2
rightsubnet=10.28.39.2/32

A full debug log can be found in the bug report.
https://gsoc.xelerance.com/issues/1048

Thanks and regards
Mark


More information about the Users mailing list