[Openswan Users] IPsec on Ubuntu Linux Server 8.04 (Hardy)

Paul Wouters paul at xelerance.com
Tue Jan 18 10:06:27 EST 2011

On Tue, 18 Jan 2011, Kaushal Shriyan wrote:

> Hi Paul
> Please have a look at http://paste.ubuntu.com/555411/

initiate on demand from to proto=1 state: fos_start because: acquire

You did not add oe=no in your "config setup" or you removed it? please put it back there.

"sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}

phase1 is up.

"sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4287be14 <0xc60d8692 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=enabled}

phase2 is up.

but meanwhile you also race with another connection which ends in:

"sonicwall" #4: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1, OAKLEY_GROUP_MODP1024] refused due to strict flag

So it seems the sonic wall might want esp=3des-sha1;modp1024


More information about the Users mailing list