[Openswan Users] Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @
Paul Wouters
paul at xelerance.com
Wed Apr 28 11:21:20 EDT 2010
On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
> Paul Wouters wrote:
>> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>>
>>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>>
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID
>>> payload [draft-ietf-ipsec-nat-t-ike-00]
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID
>>> payload [Sonicwall 1 (TZ 170 Standard?)]
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's
>>> ID_USER_FQDN contains no @: 0006B105D23
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode
>>> peer ID is ID_USER_FQDN: '0006B105D230'
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable
>>> connection for peer '0006B105D230'
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive
>>> Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has
>>> been authorized
>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending
>>> notification INVALID_ID_INFORMATION to y.y.y.y:500
>>>
>>> conn andree
>>>     left=x.x.x.x
>>>     leftsourceip=10.1.1.1
>>>     leftsubnet=10.1.1.0/24
>>>     leftid=x.x.x.x
>>>     right=y.y.y.y
>>>     rightsubnet=192.168.3.0/24
>>>     # rightid=0006B105D23U
>>>     keyingtries=0
>>>     pfs=no
>>>     aggrmode=yes
>>>     auto=start
>>>     auth=esp
>>>     esp=3des-sha1
>>>     ike=3des-sha1
>>>     authby=secret
>>>     keyexchange=ike
>>
>> Try using rightid=@0006B105D23U
>>
>> Paul
> No errors, but the only thing I get is this:
>
> Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
> Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state
> (STATE_AGGR_I1)
> Apr 28 09:11:43 fortissimo pluto[25359]: added connection description
> "andree"
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection
> description "andree"
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating
> Aggressive Mode #4, connection "andree"
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform
> (5,2,2,0) ignored.
>
>
> And then
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> received Vendor ID payload [XAUTH]
> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500:
> initial Aggressive Mode message from y.y.y.y but no (wildcard)
> connection has been configured with policy=PSK+AGGRESSIVE
Try using right=%any
> But it never comes up.
>