[Openswan Users] Ipsec configuration Lucent VPN Gateway with OpenSwan or others (Lucent IPSec Client 9.2.0 in Windows XP)
Oscar Barrios
srbarrios at gmail.com
Sat Feb 20 04:10:38 EST 2010
Thanks Paul,
Changing to agressive mode, the result not change :S
The problem is that i can't know the configuration of the other end,
it works with Windows client and my enterprise don't get support fort
linux..
But I hope that is possible to configure this, Can I sniff something
on the client to help me know the settings?
000 "Intranet": policy:
PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+MODECFGPULL+AGGRESSIVE+IKEv2ALLOW;
prio: 32,32; interface: wlan0;
000 "Intranet": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "Intranet": IKE algorithms wanted:
AES_CBC(7)_256-SHA1(2)-MODP1536(5); flags=-strict
000 "Intranet": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
000 "Intranet": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "Intranet": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000
000 #1: "Intranet":500 STATE_AGGR_I1 (sent AI1, expecting AR1);
EVENT_RETRANSMIT in 0s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "Intranet" replacing #0
2010/2/20 Paul Wouters <paul at xelerance.com>:
> On Fri, 19 Feb 2010, Oscar Barrios wrote:
>
>> conn Intranet
>> ike=aes256-sha1-modp1024
>> phase2alg=aes256-sha1
>> aggrmode=no
>> keyexchange=ike
>> ikelifetime=24h
>> auth=esp
>> type=tunnel
>> authby=secret
>> left=192.168.2.100
>> leftmodecfgclient=yes
>> leftxauthclient=yes
>> leftid="obarrios"
>> right=62.xx.xx.xx
>> rightmodecfgserver=yes
>> rightxauthserver=yes
>> modecfgpull=yes
>> pfs=yes
>> compress=yes
>> auto=add
>
> Usually, xauth is used with aggressive mode.
>
>> 000 #2: "Intranet":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
>> EVENT_RETRANSMIT in 11s; nodpd; idle; import:admin initiate
>
> Seeing that your first packet is rejected, your configuration likely
> does not match what the other end is expecting.
>
> Paul
>
More information about the Users
mailing list