[Openswan Users] RES: RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)
Artur Ferreira da Silva
aferreira.mjv at gmail.com
Fri Nov 12 14:09:23 EST 2010
I'm using Openswan behind a firewall. The configuration follows:

ipsec.secrets

a.b6.5.234 201.7.186.162: PSK "$key$"

ipsec.conf

conn openswan-checkpoint
    type=tunnel
    keyexchange=ike
    auth=esp
    pfs=no
    authby=secret
    keyingtries=0
    forceencaps=yes
    compress=no
    aggrmode=no
    auto=start
    # Phase 1
    ike=3des-sha1-modp1024
    ikelifetime=86400s
    # Phase 2
    esp=3des-sha1
    keylife=3600s
    # My node
    left=10.205.22.212
    leftid=a.b6.5.234
    leftsubnet=10.5.57.0/24
    leftnexthop=%defaultroute
    leftsourceip=10.5.57.1
    # Checkpoint node
    right=cd1.7.186.162
    rightid=cd1.7.186.162
    rightsubnet=10.5.35.0/24

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Friday, November 12, 2010 16:56
To: Artur Ferreira da Silva
Cc: 'Kevin Wilson'; 'Willie Gillespie'; Users at openswan.org
Subject: Re: [Openswan Users] RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)

On Fri, 12 Nov 2010, Artur Ferreira da Silva wrote:
> can someone help me with this error?
>
> cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<201.7.186.162>[+S=C]===0.0.0.0/0
> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | complete state transition with (null)

Too much debugging enabled. For config errors, which this is, NO DEBUG
should be used.

> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: "globo" #2: sending encrypted notification INVALID_ID_INFORMATION to 201.7.186.162:500

There is a config mismatch between the two ends. Verify your left/right IDs.

Paul
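
Added example, not part of the thread and not Openswan code: a small Python check that splits the "no connection is known for" tuple quoted above into left/right host, ID and subnet, and lists the fields that differ from the posted conn. The field layout is inferred from the log line in the post, and the values in CONN are copied as posted, masked addresses included, so differences on those masked fields cannot be judged from this page.

```python
import re

# Rejected proposal as logged by pluto in the post (mail line wraps rejoined).
LOG = ("0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]..."
       "201.7.186.162<201.7.186.162>[+S=C]===0.0.0.0/0")

# Values copied from the posted conn, including the masked addresses.
CONN = {"left": "10.205.22.212", "leftid": "a.b6.5.234",
        "leftsubnet": "10.5.57.0/24", "right": "cd1.7.186.162",
        "rightid": "cd1.7.186.162", "rightsubnet": "10.5.35.0/24"}

# One end of the tuple: host, optional <address>, then [id,+flags].
END = r"(?P<{0}>[^<\[=]+)(?:<[^>]*>)?\[(?P<{0}opts>[^\]]*)\]"
LINE = re.compile(r"^(?:(?P<leftsubnet>[^=]+)===)?" + END.format("left")
                  + r"\.\.\." + END.format("right")
                  + r"(?:===(?P<rightsubnet>\S+))?$")


def parse_proposal(line):
    """Split a 'no connection is known for' tuple into conn-style keys."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised proposal format")
    got = {}
    for side in ("left", "right"):
        host = m.group(side)
        # Bracket items starting with '+' are flags; anything else is the ID.
        ids = [o for o in m.group(side + "opts").split(",")
               if o and not o.startswith("+")]
        got[side] = host
        # Assumption: an end with no explicit ID uses its host address.
        got[side + "id"] = ids[0] if ids else host
        # Assumption: an end with no ===subnet covers only the host itself.
        got[side + "subnet"] = m.group(side + "subnet") or host + "/32"
    return got


def diff_against_conn(line, conn):
    """Return {key: (configured, proposed)} for every field that differs."""
    got = parse_proposal(line)
    return {k: (conn[k], got[k]) for k in sorted(conn) if conn[k] != got[k]}


if __name__ == "__main__":
    for key, (cfg, seen) in diff_against_conn(LOG, CONN).items():
        print(f"{key:12} configured={cfg:16} proposed={seen}")
```
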