[Openswan Users] Client VPN on Vista OS

Sasa sasa at shoponweb.it
Wed Oct 14 12:03:12 EDT 2009 

Hi, I have tried with "Openswan/Freeswan & NCP Secure Client" and with 
SafeNet SoftRemoteLT, with the last software I have in log file:

Oct 14 17:55:43 fw pluto[15319]: "left-road"[5] 89.97.x.y: deleting 
connection "left-road" instance with peer 89.97.x.y {isakmp=#0/ipsec=#0}
Oct 14 17:55:53 fw pluto[15319]: packet from 89.97.x.y:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 14 17:55:53 fw pluto[15319]: packet from 89.97.x.y:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 14 17:55:53 fw pluto[15319]: "left-road"[6] 89.97.x.y #6: responding to 
Main Mode from unknown peer 89.97.x.y
Oct 14 17:55:53 fw pluto[15319]: "left-road"[6] 89.97.x.y #6: OAKLEY_DES_CBC 
is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 14 17:55:53 fw pluto[15319]: "left-road"[6] 89.97.x.y #6: no acceptable 
Oakley Transform
Oct 14 17:55:53 fw pluto[15319]: "left-road"[6] 89.97.x.y #6: sending 
notification NO_PROPOSAL_CHOSEN to 89.97.x.y:500
Oct 14 17:55:53 fw pluto[15319]: "left-road"[6] 89.97.x.y: deleting 
connection "left-road" instance with peer 89.97.x.y {isakmp=#0/ipsec=#0}

Thanks.

------

   Salvatore.



----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Sasa" <sasa at shoponweb.it>
Cc: <users at openswan.org>
Sent: Wednesday, October 14, 2009 4:05 PM
Subject: Re: [Openswan Users] Client VPN on Vista OS


> On Wed, 14 Oct 2009, Sasa wrote:
>
>> Oct 14 12:09:56 fw pluto[1950]: "left-road"[45] 89.97.x.y #33: Pluto does
>> not support HybridInitRSA authentication.  Attribute
>> OAKLEY_AUTHENTICATION_METHOD
>
> That looks like something we do not support and might be breaking your
> connection negotiation. If this is a software client, it either is 
> configured
> for a proprietary ipsec vendor product, or is hardcoded to only allow
> talking to a proprietary ipsec vendor product.
>
> There is an unsupported patch for hybrid mode in the contrib/ directory, 
> but
> I think that patch was written for openswan as a client, not as a server, 
> so
> I am not sure if it can be useful.
>
> Paul
>

More information about the Users mailing list