[Openswan Users] IPSec VPN Tunnel Connection ...Please Help.....
Randy Wyatt
rwyatt at nvtl.com
Fri Feb 19 15:43:59 EST 2010
Have you checked your PSK?
Regards,
Randy
________________________________
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of emil at stoynev.us
Sent: Friday, February 19, 2010 12:40 PM
To: users at openswan.org
Subject: [Openswan Users] IPSec VPN Tunnel Connection ...Please
Help.....
Hello, I am getting this error when I try to bring up IPSec Tunnel...
Looking
for someone help.. Thanks...
Starting connection with command /usr/sbin/ipsec auto --up
'paycode-to-vivacom' ..
104 "paycode-to-vivacom" #10: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #10: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #10: ignoring Vendor ID payload [FRAGMENTATION
c0000000]
106 "paycode-to-vivacom" #10: STATE_MAIN_I2: sent MI2, expecting MR2
003 "paycode-to-vivacom" #10: received Vendor ID payload [Cisco-Unity]
003 "paycode-to-vivacom" #10: received Vendor ID payload [XAUTH]
003 "paycode-to-vivacom" #10: ignoring unknown Vendor ID payload
[4acca7967b99500430ae278225d941bf]
003 "paycode-to-vivacom" #10: ignoring Vendor ID payload [Cisco VPN 3000
Series]
003 "paycode-to-vivacom" #10: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "paycode-to-vivacom" #10: STATE_MAIN_I3: sent MI3, expecting MR3
010 "paycode-to-vivacom" #10: STATE_MAIN_I3: retransmission; will wait
20s for response
003 "paycode-to-vivacom" #10: discarding duplicate packet; already
STATE_MAIN_I3
003 "paycode-to-vivacom" #10: discarding duplicate packet; already
STATE_MAIN_I3
003 "paycode-to-vivacom" #10: discarding duplicate packet; already
STATE_MAIN_I3
010 "paycode-to-vivacom" #10: STATE_MAIN_I3: retransmission; will wait
40s for response
003 "paycode-to-vivacom" #10: next payload type of ISAKMP Hash Payload
has an unknown value: 125
003 "paycode-to-vivacom" #10: malformed payload in packet
031 "paycode-to-vivacom" #10: max number of retransmissions (2) reached
STATE_MAIN_I3. Possible authentication failure: no acceptable response
to our first encrypted message
000 "paycode-to-vivacom" #10: starting keying attempt 2 of at most 3,
but releasing whack
ipsec.conf >>>>>
conn paycode-to-vivacom
auth=esp
authby=secret
auto=start
esp=3des-168
ike=3des-md5
ikelifetime=8h
keyexchange=ike
keyingtries=3
keylife=1h
left=95.43.208.250
leftid=95.43.208.250
leftnexthop=95.43.208.249
pfs=yes
right=212.39.72.21
rightsubnet=10.16.0.0/24
type=tunnel
config setup
interfaces=%defaultroute
nat_traversal=yes
OE=off
protostack=netkey
Connection Configuration >>> http://i48.tinypic.com/1823ba.jpg
The OS is Debian Squeeze
paycode:~# ipsec verify
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.23/K2.6.32-trunk-686 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support
[DISABLED]
paycode:~#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100219/466e26ed/attachment-0001.html
More information about the Users
mailing list