[Openswan Users] Linux and Cisco VPN don't connect

Listas Ayuda listas at contelsis.com
Tue Aug 30 18:22:50 EDT 2011


Regards,
I'm configuring a VPN between Untangle v9.0.2 (Debian Linux) and a Cisco VPN 5540 Series, but it doesn't work. My Openswan version is 2.6.28.
The config is as follows:

UNTANGLE:

Description: Untangle VPN
Connection Type: Tunnel
Auto Mode: Start
Interface: External
External IP: 190.154.14.230 (this ip is only for this example..)
Remote IP: 186.10.29.40 (this ip is only for this example..)
Local Network: 192.168.210.0/30
Local IP: 192.168.210.1
Remote Network: 172.27.2.0/2
Perfect Forward Secrecy (PFS) : checked
Shared Secret: constitucionalmentefregado

CISCO:

 
crypto ipsec transform-set RC-MF-2 esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
crypto map RC-MF-2 70 match address acl-VPN-RC-MF-2
crypto map RC-MF-2 70 set pfs 
crypto map RC-MF-2 70 set peer 190.154.14.230 
crypto map RC-MF-2 70 set transform-set RC-MF-2
crypto map RC-MF-2 interface LC-ASA
crypto isakmp identity hostname 
crypto isakmp enable LC-ASA
crypto isakmp policy 70
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 3600
tunnel-group 190.154.14.230 type ipsec-l2l
tunnel-group 190.154.14.230 ipsec-attributes
 pre-shared-key *
 peer-id-validate nocheck


The log returned in Untangle is:


Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_add(): ERROR: Algorithm already exists
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_add(): ERROR: Algorithm already exists
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_add(): ERROR: Algorithm already exists
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_add(): ERROR: Algorithm already exists
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_add(): ERROR: Algorithm already exists
Aug 30 16:44:12 untangle pluto[29536]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Aug 30 16:44:12 untangle pluto[29536]: myid malformed: empty string ""
Aug 30 16:44:12 untangle pluto[29536]: Changed path to directory '/etc/ipsec.d/cacerts'
Aug 30 16:44:12 untangle pluto[29536]: Changed path to directory '/etc/ipsec.d/aacerts'
Aug 30 16:44:12 untangle pluto[29536]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Aug 30 16:44:12 untangle pluto[29536]: Changing to directory '/etc/ipsec.d/crls'
Aug 30 16:44:12 untangle pluto[29536]:   Warning: empty directory
Aug 30 16:44:12 untangle pluto[29536]: added connection description "UT6_Untangle_VPN"
Aug 30 16:44:12 untangle pluto[29536]: listening for IKE messages
Aug 30 16:44:12 untangle pluto[29536]: adding interface utun/utun 192.0.2.43:500
Aug 30 16:44:12 untangle pluto[29536]: adding interface dummy0/dummy0 192.0.2.42:500
Aug 30 16:44:12 untangle pluto[29536]: adding interface eth2/eth2 192.168.210.1:500
Aug 30 16:44:12 untangle pluto[29536]: adding interface eth1/eth1 190.154.250.211:500
Aug 30 16:44:12 untangle pluto[29536]: adding interface eth0/eth0 190.154.14.230:500
Aug 30 16:44:12 untangle pluto[29536]: adding interface lo/lo 127.0.0.1:500
Aug 30 16:44:12 untangle pluto[29536]: loading secrets from "/etc/ipsec.secrets"
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: initiating Main Mode
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: received Vendor ID payload [Cisco-Unity]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: received Vendor ID payload [XAUTH]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: ignoring unknown Vendor ID payload [3d01f6d3afa543a80902fef28c3240f7]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: received Vendor ID payload [Dead Peer Detection]
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: Main mode peer ID is ID_FQDN: '@eFW-5540-EXT.domain.com'
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: we require peer to have ID '186.10.29.40', but peer declares '@eFW-5540-EXT.domain.com'
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: sending encrypted notification INVALID_ID_INFORMATION to 186.10.29.40:500
Aug 30 16:44:23 untangle pluto[29536]: "UT6_Untangle_VPN" #1: next payload type of ISAKMP Hash Payload has an unknown value: 243
Aug 30 16:44:23 untangle pluto[29536]: "UT6_Untangle_VPN" #1: malformed payload in packet
Aug 30 16:44:23 untangle pluto[29536]: | payload malformed after IV
Aug 30 16:44:23 untangle pluto[29536]: |   23 51 a0 6b  4b 20 b6 f4
Aug 30 16:44:23 untangle pluto[29536]: "UT6_Untangle_VPN" #1: sending notification PAYLOAD_MALFORMED to 186.10.29.40:500
Aug 30 16:44:25 untangle pluto[29536]: "UT6_Untangle_VPN" #1: next payload type of ISAKMP Hash Payload has an unknown value: 126
Aug 30 16:44:25 untangle pluto[29536]: "UT6_Untangle_VPN" #1: malformed payload in packet
Aug 30 16:44:25 untangle pluto[29536]: | payload malformed after IV
Aug 30 16:44:25 untangle pluto[29536]: |   23 51 a0 6b  4b 20 b6 f4
Aug 30 16:44:25 untangle pluto[29536]: "UT6_Untangle_VPN" #1: sending notification PAYLOAD_MALFORMED to 186.10.29.40:500
Aug 30 16:44:27 untangle pluto[29536]: "UT6_Untangle_VPN" #1: byte 2 of ISAKMP Hash Payload must be zero, but is not
Aug 30 16:44:27 untangle pluto[29536]: "UT6_Untangle_VPN" #1: malformed payload in packet
Aug 30 16:44:27 untangle pluto[29536]: | payload malformed after IV
Aug 30 16:44:27 untangle pluto[29536]: |   23 51 a0 6b  4b 20 b6 f4


What is the problem? Thank you for your help.

Attm
Roberto
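
The log above ends Main Mode with pluto rejecting the identity the peer declares. The following triage script is an added example, not part of the original post or of Openswan: it pulls that rejection out of a pluto log, with the state reached and the expected and declared IDs. The function names and the three-line sample (copied from the log above) are constructed for illustration.

```python
import re

# Constructed sample: three lines copied from the pluto log in the post above.
SAMPLE_LOG = """\
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 30 16:44:12 untangle pluto[29536]: "UT6_Untangle_VPN" #1: we require peer to have ID '186.10.29.40', but peer declares '@eFW-5540-EXT.domain.com'
Aug 30 16:44:23 untangle pluto[29536]: "UT6_Untangle_VPN" #1: malformed payload in packet
"""

# Per-negotiation lines look like: pluto[pid]: "conn" #N: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r"transition from state (\S+) to state (\S+)")
MISMATCH = re.compile(r"we require peer to have ID '([^']*)', but peer declares '([^']*)'")


def triage(log_text):
    """Summarise every IKE negotiation (connection name, SA number) in a pluto log."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # daemon start-up lines and hex dumps have no "conn" #N prefix
        sa = sas.setdefault((m["conn"], int(m["sa"])), {
            "last_state": None, "expected_id": None,
            "declared_id": None, "malformed_after_mismatch": 0})
        msg = m["msg"]
        if (s := STATE.search(msg)):
            sa["last_state"] = s.group(2)
        elif (mm := MISMATCH.search(msg)):
            sa["expected_id"], sa["declared_id"] = mm.groups()
        elif "malformed payload in packet" in msg and sa["declared_id"]:
            # Counted separately so these later errors are read after the ID rejection
            sa["malformed_after_mismatch"] += 1
    return sas


def id_mismatches(log_text):
    """Return (conn, sa, last_state, expected_id, declared_id) per rejected peer ID."""
    return [(conn, n, sa["last_state"], sa["expected_id"], sa["declared_id"])
            for (conn, n), sa in triage(log_text).items() if sa["declared_id"]]


if __name__ == "__main__":
    for conn, n, state, want, got in id_mismatches(SAMPLE_LOG):
        print(f"{conn} #{n}: reached {state}; expects ID {want!r}, peer sent {got!r}")
```

The two IDs it reports are the values that have to agree: on the Openswan side the expected peer ID is set per connection with `rightid`, and the posted Cisco configuration sends its hostname because of `crypto isakmp identity hostname`.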

