[Openswan Users] Juniper/netscreen connection
Kristo Kivisaar
kristo at kivisaar.com
Thu Oct 14 08:44:05 EDT 2010
Hi
Can someone help me with a Juniper and openswan connection? I have preshared key
+ xauth. Need connection linux box -> internet -> juniper -> some servers here
002 "netscreen" #1: initiating Aggressive Mode #1, connection "netscreen"
112 "netscreen" #1: STATE_AGGR_I1: initiate
003 "netscreen" #1: ignoring unknown Vendor ID payload [e7a811cf8de6140e3adc82fd7855ff8ffxxxxxxxxxxxxxxx]
003 "netscreen" #1: received Vendor ID payload [XAUTH]
003 "netscreen" #1: received Vendor ID payload [Dead Peer Detection]
003 "netscreen" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
002 "netscreen" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '195.x.x.x'
002 "netscreen" #1: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
004 "netscreen" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
002 "netscreen" #1: XAUTH: Answering XAUTH challenge with user='testing'
002 "netscreen" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "netscreen" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
228 "netscreen" #1: STATE_XAUTH_I1: CERTIFICATE_UNAVAILABLE
002 "netscreen" #1: sending encrypted notification CERTIFICATE_UNAVAILABLE to 195.x.x.x:500
003 "netscreen" #1: next payload type of ISAKMP Hash Payload has an unknown value: 191
003 "netscreen" #1: malformed payload in packet
002 "netscreen" #1: sending notification PAYLOAD_MALFORMED to 195.x.x.x:500
I think something is wrong with STATE_XAUTH_I1: CERTIFICATE_UNAVAILABLE. But for
the connection I have no cert.
openswan-2.6.24-2mdv2010.1
kernel: 2.6.33.7-desktop-2mnb
If I change the password to a wrong one: auth canceled.
If I change the preshared key to a wrong one: auth canceled.
It seems the password and preshared key are OK, but something is wrong.
ipsec.conf
conn netscreen
    type=tunnel
    leftxauthusername=testing
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=first.last@domain.com
    leftxauthclient=yes
    leftmodecfgclient=yes
    leftsendcert=never
    right=195.x.x.x
    rightxauthserver=yes
    rightmodecfgserver=yes
    rekey=no
    pfs=yes
    aggrmode=yes
    auto=add
    authby=secret
    keyexchange=ike
    ike=aes128-sha1-modp1024
    ikelifetime=86400s
    keylife=28800s
    auth=esp
    esp=aes128-sha1
Bad news for me is that I have searched all of Google :( I can see similar problems,
but no resolution.
Kristo