[Openswan Users] trying to connect OpenSWAN 2.6.19 to a Netgear FVS338

Marcos Hacker mfhacker at hotmail.com
Mon May 18 15:44:57 EDT 2009



Hi Paul,

Does it make a difference if we use the whack command line or ipsec.conf? I'm not sure why using the whack command line was chosen. It was probably the easier route at the time. 

If the right/Netgear certificate is not loaded on the left/Linux device manually, then it is not sent over (after checking ipsec auto --listall). 

After reading about the 3/30/09 security release, I upgraded from OpenSWAN 2.6.19 to 2.6.21 and can no longer get the IPSec SA established. If I revert back to 2.6.19, the connection establishes as expected. Again, in both cases, we have the public certificate from the right manually loaded on the left. 

2.6.19
pluto[237]: "vpn_tunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
pluto[237]: "vpn_tunnel" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+UP {using isakmp#1 msgid:9763cb37 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
pluto[237]: "vpn_tunnel" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
pluto[237]: "vpn_tunnel" #1: received and ignored informational message
pluto[237]: "vpn_tunnel" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
pluto[237]: "vpn_tunnel" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x0eb2fbef <0xa21036f0 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}

2.6.21
pluto[177]: "vpn_tunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
pluto[177]: "vpn_tunnel" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+UP {using isakmp#1 msgid:8499abd4 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
pluto[177]: "vpn_tunnel" #1: received and ignored informational message
pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
pluto[177]: "vpn_tunnel" #1: received and ignored informational message
pluto[177]: "vpn_tunnel" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
pluto[177]: "vpn_tunnel" #1: received and ignored informational message
pluto[177]: "vpn_tunnel" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal


Thanks again Paul,
marcos




_________________________________________________________________
Hotmail® goes with you. 
http://windowslive.com/Tutorial/Hotmail/Mobile?ocid=TXT_TAGLM_WL_HM_Tutorial_Mobile1_052009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090518/fb1ecd63/attachment.html 


More information about the Users mailing list