[Openswan Users] Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @
Mike A. Leonetti
mleonetti at evolutionce.com
Wed Apr 28 11:50:37 EDT 2010
Paul Wouters wrote:
> On Wed, 28 Apr 2010, Mike A. Leonetti wrote:
>
>> Paul Wouters wrote:
>>> On Tue, 27 Apr 2010, Mike A. Leonetti wrote:
>>>
>>>> Trying to connect a TZ710<->Openswan gets me the following errors:
>>>>
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: peer's ID_USER_FQDN contains no @: 0006B105D23
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: Aggressive mode peer ID is ID_USER_FQDN: '0006B105D230'
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: no suitable connection for peer '0006B105D230'
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: initial Aggressive Mode packet claiming to be from y.y.y.y on y.y.y.y but no connection has been authorized
>>>> Apr 27 15:15:41 fortissimo pluto[24391]: "andree" #4: sending notification INVALID_ID_INFORMATION to y.y.y.y:500
>>>>
>>>> conn andree
>>>>     left=x.x.x.x
>>>>     leftsourceip=10.1.1.1
>>>>     leftsubnet=10.1.1.0/24
>>>>     leftid=x.x.x.x
>>>>     right=y.y.y.y
>>>>     rightsubnet=192.168.3.0/24
>>>>     # rightid=0006B105D23U
>>>>     keyingtries=0
>>>>     pfs=no
>>>>     aggrmode=yes
>>>>     auto=start
>>>>     auth=esp
>>>>     esp=3des-sha1
>>>>     ike=3des-sha1
>>>>     authby=secret
>>>>     keyexchange=ike
>>>
>>> Try using rightid=@0006B105D23U
>>>
>>> Paul
>> No errors, but the only thing I get is this:
>>
>> Apr 28 09:11:42 fortissimo pluto[23745]: "andree": deleting connection
>> Apr 28 09:11:42 fortissimo pluto[23745]: "andree" #4: deleting state (STATE_AGGR_I1)
>> Apr 28 09:11:43 fortissimo pluto[25359]: added connection description "andree"
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 002 added connection description "andree"
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform (5,2,2,0) ignored.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: initiating Aggressive Mode #4, connection "andree"
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo pluto[25359]: "andree" #4: transform (5,2,2,0) ignored.
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: multiple transforms were set in aggressive mode. Only first one used.
>> Apr 28 09:11:43 fortissimo ipsec__plutorun: 003 "andree" #4: transform (5,2,2,0) ignored.
>>
>>
>> And then
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500: ignoring Vendor ID payload [Sonicwall 2 (3.1.0.12-86s?)]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500: received Vendor ID payload [XAUTH]
>> Apr 28 09:08:32 fortissimo pluto[23745]: packet from y.y.y.y:500: initial Aggressive Mode message from y.y.y.y but no (wildcard) connection has been configured with policy=PSK+AGGRESSIVE
>
> Try using right=%any
>
>> But it never comes up.
>>
It isn't very happy with that.
Apr 28 11:56:56 fortissimo pluto[25359]: "andree": deleting connection
Apr 28 11:56:56 fortissimo pluto[25359]: "andree" #37: deleting state (STATE_AGGR_I1)
Apr 28 11:56:57 fortissimo pluto[28651]: added connection description "andree"
Apr 28 11:56:57 fortissimo ipsec__plutorun: 002 added connection description "andree"
Apr 28 11:56:58 fortissimo pluto[28651]: "andree": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Apr 28 11:56:58 fortissimo ipsec__plutorun: 029 "andree": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)