[Openswan Users] Possible authentication failure: no acceptable response to our first encrypted message
Mateusz Korab
korab.mateusz at gmail.com
Mon Jul 20 10:57:39 EDT 2009
Hello,
I'm using Openswan and I need to set up an IPsec connection with a site
- a Check Point device.
All I know about the other site is the VPN specification, which the
administrator of the site sent me:
IKE Phase 1
  Key exchange encryption: AES-256
  Data integrity: SHA1
  Diffie-Hellman group: Group 5 (1536 bit)
  Renegotiation: 480 min
IPsec Phase 2
  IPsec data encryption: AES-256
  Data integrity: SHA1
  Perfect forward secrecy: ON
  Diffie-Hellman group: Group 5 (1536 bit)
  Renegotiation: 3600 s
Pre-shared key: xxx
So I've created an Openswan config as follows:
conn xxx
    type=tunnel
    leftid=MY_IP
    leftsubnet=MY_SUBNET
    leftnexthop=MY_NEXT_HOP
    left=MY_IP
    right=SITE_IP
    rightsubnet=SITE_SUBNET
    rightnexthop=MY_NEXT_HOP
    rightid=SITE_SUBNET
    ikelifetime=480m
    keylife=3600s
    pfs=no
    esp=aes256-sha1
    ike=aes256-sha1-modp1536
    compress=no
    authby=secret
    keyexchange=ike
    keyingtries=0
    auto=start
In /var/log/auth.log I've received:
vpn pluto[28535]: "xxx" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
vpn pluto[28535]: "xxx" #1: starting keying attempt 2 of an unlimited number
vpn pluto[28535]: | creating state object #12 at 0x8106d60
vpn pluto[28535]: | processing connection kir
Any suggestion?
krabu
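
An added example, not part of the original post: a Python check that compares a conn block like the one above with the parameters in the peer's specification. PEER_SPEC is transcribed from the spec quoted in the post, the function names are hypothetical, and only keywords that appear in the posted config are read.

```python
# Added example: PEER_SPEC is transcribed from the specification quoted in the post;
# function names are hypothetical. SAMPLE_CONN is the posted config, trimmed.
SAMPLE_CONN = """\
conn xxx
    ikelifetime=480m
    keylife=3600s
    pfs=no
    esp=aes256-sha1
    ike=aes256-sha1-modp1536
"""

PEER_SPEC = {
    "ike": "aes256-sha1-modp1536",  # phase 1: AES-256, SHA1, group 5 (1536 bit)
    "ikelifetime": 480 * 60,         # 480 min, expressed in seconds
    "esp": "aes256-sha1",           # phase 2: AES-256, SHA1
    "keylife": 3600,                 # 3600 s
    "pfs": "yes",                   # Perfect forward secrecy: ON
}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text):
    """Return {keyword: value} for the key=value lines of one conn section."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def lifetime_seconds(value):
    """Convert '480m', '3600s' or a bare number of seconds to an int."""
    unit = UNITS.get(value[-1])
    return int(value[:-1]) * unit if unit else int(value)

def check(conn_text, spec=PEER_SPEC):
    """List (keyword, configured, expected) for every setting that differs."""
    conn = parse_conn(conn_text)
    mismatches = []
    for key, expected in spec.items():
        got = conn.get(key)  # None when the keyword is absent from the conn
        if got is not None and isinstance(expected, int):
            got = lifetime_seconds(got)  # compare lifetimes in seconds
        if got != expected:
            mismatches.append((key, got, expected))
    return mismatches

for key, got, expected in check(SAMPLE_CONN):
    print(f"{key}: configured {got!r}, peer expects {expected!r}")
```

For the posted values the only difference reported is pfs=no against the peer's "Perfect forward secrecy: ON"; the pre-shared key and the leftid/rightid values are outside what this check covers.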