[Openswan Users] IPsec on Ubuntu Linux Server 8.04 (Hardy)
Paul Wouters
paul at xelerance.com
Tue Jan 18 10:06:27 EST 2011
On Tue, 18 Jan 2011, Kaushal Shriyan wrote:
> Hi Paul
>
> Please have a look at http://paste.ubuntu.com/555411/
initiate on demand from 10.0.0.119:8 to 172.17.6.175:0 proto=1 state: fos_start because: acquire
You did not add oe=no in your "config setup" or you removed it? please put it back there.
"sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
phase1 is up.
"sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4287be14 <0xc60d8692 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
phase2 is up.
but meanwhile you also race with another connection which ends in:
"sonicwall" #4: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag
So it seems the sonic wall might want esp=3des-sha1;modp1024
Paul
More information about the Users
mailing list