[Openswan Users] Openswan and V-IPSecure
JT Edwards
tstrike34 at gmail.com
Wed Sep 2 02:09:37 EDT 2009
To all:
I have researched all the material that is in the archives.
I configured V-IPSecure for IKE VPN with certificates. After following the instructions for generating certificates (to include a key) I attempted to start a connection to an Openswan VPN gateway. We reach the 2nd stage of the IKE negotiations when I get these messages:
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45.6 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: ignoring Vendor ID payload [KAME/racoon]
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: Main mode peer ID is ID_IPV4_ADDR: '22.45.'
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: no suitable connection for peer '22.45.'
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: sending encrypted notification INVALID_ID_INFORMATION to 22.45. :500
On the router, here is what the VPN log reads (wished it was more verbose):
2009 Sep 1 18:47:31 [SRXN3205] [IKE] Ignore information because ISAKMP-SA has not been established yet._
2009 Sep 1 18:47:40 [SRXN3205] [IKE] The packet is retransmitted by 16.16.[500]._
2009 Sep 1 18:47:40 [SRXN3205] [IKE] Ignore information because ISAKMP-SA has not been established yet._
- Last output repeated twice -
2009 Sep 1 18:47:46 [SRXN3205] [IKE] an undead schedule has been deleted: 'isakmp_chkph1there'._
2009 Sep 1 18:47:46 [SRXN3205] [IKE] IPSec configuration with identifer "ait_torden" deleted sucessfully_
2009 Sep 1 18:47:46 [SRXN3205] [IKE] no phase2 bounded._
2009 Sep 1 18:47:46 [SRXN3205] [IKE] Purged ISAKMP-SA with spi=f3a834564cf15bf4:a5645e2c7414e4fd._
2009 Sep 1 18:47:46 [SRXN3205] [IKE] an undead schedule has been deleted: 'purge_remote'._
2009 Sep 1 18:47:46 [SRXN3205] [IKE] an undead schedule has been deleted: 'isakmp_ph1resend'._
2009 Sep 1 18:47:46 [SRXN3205] [IKE] IKE configuration with identifier "wizbang8" deleted sucessfully_
2009 Sep 1 18:48:00 [SRXN3205] [IKE] The packet is retransmitted by 209.198.[500]._
I followed the certs instructions to a T.... Where am I going wrong? Is there some way I can see what is being transmitted to the Openswan server and what it is sending back?
Here is what I am trying to do... I am trying to get my SRXN3207 to connect to an Openswan VPN server using certificates.... The vendor ID of the IKE negotiations identifies V-IPSecure as a vendor racoon.
I guess I could look up racoon to openswan VPN gateway to gateway connections.
PSK is rather insecure and at times doesn't work.
JT Edwards
Senior Solutions Architect (Automation and Service Management)
IBM Tivoli Certified
Direct: 281-226-0284
Direct: 512-772-3266
Follow Me: 1866-866-4391 ext 1
AIM tstrike34
GoogleTalk tstrike34 at gmail.com
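
Added example, not part of the original post or of Openswan: a small Python parser for pluto lines in the format quoted above that reports, per IKE SA, the last Main Mode state reached, the identity the peer presented, and whether pluto rejected it. The sample lines are constructed (192.0.2.10 stands in for the truncated peer address), and the hint in diagnose() assumes the conn is meant to match on the certificate subject DN.

```python
import re

# Constructed sample modelled on the pluto output quoted in the post;
# 192.0.2.10 is a documentation address, not the poster's peer.
SAMPLE_LOG = """\
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: Main mode peer ID is ID_IPV4_ADDR: '192.0.2.10'
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: no suitable connection for peer '192.0.2.10'
Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:500
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
                  r'#(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (ID_\w+): '([^']*)'")

def summarize(log_text):
    """Group pluto lines by (connection, SA number) and track how far IKE got."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        sa = sas.setdefault((m["conn"], int(m["sa"])), {
            "last_state": None, "id_type": None, "id_value": None,
            "rejected": False, "notify": None})
        msg = m["msg"]
        if (s := re.match(r"(STATE_\w+):", msg)):
            sa["last_state"] = s.group(1)
        elif (p := PEER_ID.search(msg)):
            sa["id_type"], sa["id_value"] = p.groups()
        elif msg.startswith("no suitable connection for peer"):
            sa["rejected"] = True
        elif (n := re.search(r"sending encrypted notification (\w+)", msg)):
            sa["notify"] = n.group(1)
    return sas

def diagnose(sa):
    """Assumption: the conn is meant to match on the certificate subject DN."""
    if not sa["rejected"]:
        return "no ID rejection logged"
    if sa["id_type"] != "ID_DER_ASN1_DN":
        return (f"peer sent {sa['id_type']} '{sa['id_value']}' after "
                f"{sa['last_state']}; a conn keyed on a certificate DN will "
                "not match it, so compare this value with the conn's rightid")
    return f"DN '{sa['id_value']}' matched no conn; compare it with rightid exactly"

if __name__ == "__main__":
    for (conn, num), sa in summarize(SAMPLE_LOG).items():
        print(f'"{conn}" #{num}: {diagnose(sa)}')
```
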