[Openswan Users] Openswan and V-IPSecure

Erich Titl erich.titl at think.ch
Wed Sep 2 09:32:38 EDT 2009


Hi

JT Edwards wrote:
> To all:
> 
> I have researched all the material that is in the archives.
> 
> I configured V-IPSecure for IKE VPN with certificates. After following
> the instructions for generating certificates (to include a key) I
> attempted to start a connection to an Openswan VPN gateway. We reach the
> 2nd stage of the IKE negotiations when I get these messages:
> 
....

> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Sep 1 17:58:13 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: Main
> mode peer ID is ID_IPV4_ADDR: '22.45.'

See, no certificate.....

> Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1: no
> suitable connection for peer '22.45.'
> Sep 1 17:58:14 wizbang8 pluto[31132]: "ait-to-home"[1] 22.45. #1:
> sending encrypted notification INVALID_ID_INFORMATION to 22.45. :500

Your peer sent you a different ID than you expect, so there is no suitable
connection and your server just says so. The peer probably tries to
identify by IP, and this is not a certificate setup.

> 
> On the router here is what the VPN log reads (wished it was more verbose)
> 
> 2009 Sep 1 18:47:31 [SRXN3205] [IKE] Ignore information because
> ISAKMP-SA has not been established yet._
> 2009 Sep 1 18:47:40 [SRXN3205] [IKE] The packet is retransmitted by
> 16.16.[500]._
...

> 
> I followed the certs instructions to a T.... Where am I going wrong? Is
> there some way I can see what is being transmitted to the Openswan
> server and what it is sending back?

See above ....

> Here is what I am trying to do... I am trying to get my SRXN3207 to
> connect to an Openswan VPN server using certificates.... The vendor ID of
> the IKE negotiations identify V-IPSecure as a vendor racoon.

No, you do not try to identify by cert.

cheers

Erich
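
The diagnosis in the reply above (the peer identified itself by IPv4 address, so no certificate connection matched) can be read mechanically from pluto's log. The following is an added example, not part of the original post or of Openswan; the sample log lines are constructed in the format quoted above, and it assumes the gateway expects the peer to identify by certificate subject DN (`ID_DER_ASN1_DN`).

```python
import re
from collections import defaultdict

# Constructed sample in the format of the pluto lines quoted above
# (192.0.2.x are documentation addresses, not values from the post).
SAMPLE_LOG = """\
Sep  1 17:58:13 gw pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep  1 17:58:14 gw pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: Main mode peer ID is ID_IPV4_ADDR: '192.0.2.10'
Sep  1 17:58:14 gw pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: no suitable connection for peer '192.0.2.10'
Sep  1 17:58:14 gw pluto[31132]: "ait-to-home"[1] 192.0.2.10 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:500
Sep  1 18:02:40 gw pluto[31132]: "other"[2] 192.0.2.20 #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=CH, O=Example, CN=router'
"""

# Layout of a pluto line: "conn"[instance] peer #state: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
PEER_ID = re.compile(r"Main mode peer ID is (ID_\w+): '([^']*)'")
# Assumption: the gateway expects the certificate subject DN as the peer ID.
CERT_ID_TYPE = "ID_DER_ASN1_DN"


def diagnose(log_text):
    """Group pluto lines per (conn, state) and report how each peer identified."""
    states = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        st = states[(m["conn"], int(m["sa"]))]
        pid = PEER_ID.search(m["msg"])
        if pid:
            st["id_type"], st["id_value"] = pid.groups()
        if "no suitable connection for peer" in m["msg"]:
            st["rejected"] = True
    findings = []
    for (conn, sa), st in sorted(states.items()):
        if "id_type" not in st:
            continue  # negotiation never reached the ID payload
        findings.append({
            "conn": conn, "state": sa,
            "id_type": st["id_type"], "id_value": st["id_value"],
            "cert_subject_id": st["id_type"] == CERT_ID_TYPE,
            "rejected": st.get("rejected", False),
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        kind = "certificate DN" if f["cert_subject_id"] else "not a certificate DN"
        print(f'{f["conn"]} #{f["state"]}: {f["id_type"]} ({kind}), rejected={f["rejected"]}')
```

A state that is both rejected and carries an ID type other than the expected one points at the peer's local-identity setting rather than at the certificates themselves.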

