[Openswan Users] Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @

Mike A. Leonetti mleonetti at evolutionce.com
Wed Apr 28 09:09:06 EDT 2010


Paul Wouters wrote:
> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>
>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-00]
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
>> payload [Sonicwall 1 (TZ 170 Standard?)]
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
>> ID_USER_FQDN contains no @: 0006B105D23
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
>> peer ID is ID_USER_FQDN: '0006B105D230'
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
>> connection for peer '0006B105D230'
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
>> Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
>> been authorized
>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
>> notification INVALID_ID_INFORMATION to y.y.y.y:500
>>
>> conn andree
>> left=x.x.x.x
>> leftsourceip=10.1.1.1
>> leftsubnet=10.1.1.0/24
>> leftid=x.x.x.x
>> right=y.y.y.y
>> rightsubnet=192.168.3.0/24
>> # rightid=0006B105D23U
>> keyingtries=0
>> pfs=no
>> aggrmode=yes
>> auto=start
>> auth=esp
>> esp=3des-sha1
>> ike=3des-sha1
>> authby=secret
>> keyexchange=ike
>
> Try using rightid=@0006B105D23U
>
> Paul

No errors, but the only thing I get is this:

Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state
(STATE_AGGR_I1)
Apr 28 09:11:43 fortissimo pluto[25359]: added connection description
"andree"
Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection
description "andree"
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating
Aggressive Mode #4, connection "andree"
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
(5,2,2,0) ignored.
Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
transforms were set in aggressive mode. Only first one used.
Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform
(5,2,2,0) ignored.


And then
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
received Vendor ID payload [XAUTH]
Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
initial Aggressive Mode message from y.y.y.y but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE

But it never comes up.

