[Openswan Users] Openswan does not work with Juniper SRX

Ruben Ambarcumyanc nak78 at ukr.net
Mon Nov 15 14:18:09 EST 2010 

 Hi there, 

   I try to establish a VPN-connection between a latest Openswan and
   Juniper SRX without sucess.

   # ipsec version
   Linux Openswan 2.6.32dr3 (klips)
   See `ipsec --copyright' for copyright information.

   # ipsec auto --up conn1
   104 "conn1" #8: STATE_MAIN_I1: initiate
   003 "conn1" #8: received Vendor ID payload [Dead Peer Detection]
   003 "conn1" #8: ignoring unknown Vendor ID payload
   [699369228741c6d4ca094c93e242c9de19e7b7c60000000500000500]
   003 "conn1" #8: ignoring Vendor ID payload
   [draft-stenberg-ipsec-nat-traversal-01]
   003 "conn1" #8: ignoring Vendor ID payload
   [draft-stenberg-ipsec-nat-traversal-02]
   003 "conn1" #8: ignoring Vendor ID payload
   [draft-ietf-ipsec-nat-t-ike-00]
   003 "conn1" #8: received Vendor ID payload
   [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
   003 "conn1" #8: received Vendor ID payload
   [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
   003 "conn1" #8: received Vendor ID payload
   [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
   106 "conn1" #8: STATE_MAIN_I2: sent MI2, expecting MR2
   108 "conn1" #8: STATE_MAIN_I3: sent MI3, expecting MR3
   004 "conn1" #8: STATE_MAIN_I4: ISAKMP SA established
   {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha
   group=modp1024}
   117 "conn1" #9: STATE_QUICK_I1: initiate
   003 "conn1" #9: Notify Message Type of ISAKMP Notification Payload has
   an unknown value: 40001
   003 "conn1" #9: malformed payload in packet
   010 "conn1" #9: STATE_QUICK_I1: retransmission; will wait 20s for
   response
   010 "conn1" #9: STATE_QUICK_I1: retransmission; will wait 40s for
   response
   031 "conn1" #9: max number of retransmissions (2) reached
   STATE_QUICK_I1. No acceptable response to our first Quick Mode
   message: perhaps peer likes no proposal
   000 "conn1" #9: starting keying attempt 2 of an unlimited number, but
   releasing whack

   It seems that a similar problem was solved in Strongswan. See
   https://lists.strongswan.org/pipermail/users/2009-November/004037.html
   for details. 
   Is it possible to do a similar patch for Openswan? 

   Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101115/7a7676d5/attachment.html

More information about the Users mailing list