[Openswan Users] Juniper/netscreen connection

Kristo Kivisaar kristo at kivisaar.com
Thu Oct 14 08:44:05 EDT 2010


Hi

Can someone help me with a Juniper and openswan connection? I have a preshared key 
+ xauth. I need the connection linux box -> internet -> juniper -> some servers 
here.

002 "netscreen" #1: initiating Aggressive Mode #1, connection "netscreen"
112 "netscreen" #1: STATE_AGGR_I1: initiate
003 "netscreen" #1: ignoring unknown Vendor ID payload [e7a811cf8de6140e3adc82fd7855ff8ffxxxxxxxxxxxxxxx]
003 "netscreen" #1: received Vendor ID payload [XAUTH]
003 "netscreen" #1: received Vendor ID payload [Dead Peer Detection]
003 "netscreen" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
002 "netscreen" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '195.x.x.x'
002 "netscreen" #1: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
004 "netscreen" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
002 "netscreen" #1: XAUTH: Answering XAUTH challenge with user='testing'
002 "netscreen" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "netscreen" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
228 "netscreen" #1: STATE_XAUTH_I1: CERTIFICATE_UNAVAILABLE
002 "netscreen" #1: sending encrypted notification CERTIFICATE_UNAVAILABLE to 195.x.x.x:500
003 "netscreen" #1: next payload type of ISAKMP Hash Payload has an unknown value: 191
003 "netscreen" #1: malformed payload in packet
002 "netscreen" #1: sending notification PAYLOAD_MALFORMED to 195.x.x.x:500

I think something is wrong with STATE_XAUTH_I1: CERTIFICATE_UNAVAILABLE. But for 
the connection I have no cert.

openswan-2.6.24-2mdv2010.1
kernel: 2.6.33.7-desktop-2mnb

If I change the password to a wrong one: auth canceled.
If I change the preshared key to a wrong one: auth canceled.

It seems the password and preshared key are OK, but something is wrong.

ipsec.conf

conn netscreen
    type=tunnel
    leftxauthusername=testing
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=first.last@domain.com
    leftxauthclient=yes
    leftmodecfgclient=yes
    leftsendcert=never
    right=195.x.x.x
    rightxauthserver=yes
    rightmodecfgserver=yes
    rekey=no
    pfs=yes
    aggrmode=yes
    auto=add
    authby=secret
    keyexchange=ike
    ike=aes128-sha1-modp1024
    ikelifetime=86400s
    keylife=28800s
    auth=esp
    esp=aes128-sha1

The bad news for me is that I have searched all of Google :( I can see similar 
problems, but no resolution.

Kristo

