[Openswan Users] IPsec on Ubuntu Linux Server 8.04 (Hardy)
Kaushal Shriyan
kaushalshriyan at gmail.com
Wed Jan 19 00:33:21 EST 2011
On Tue, Jan 18, 2011 at 8:36 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 18 Jan 2011, Kaushal Shriyan wrote:
>
> Hi Paul
>>
>> Please have a look at http://paste.ubuntu.com/555411/
>>
>
> initiate on demand from 10.0.0.119:8 to 172.17.6.175:0 proto=1 state:
> fos_start because: acquire
>
> You did not add oe=no in your "config setup" or you removed it? please put
> it back there.
>
>
Hi Paul
I have added oe=no in config setup and restarted ipsec and terminate and
initiated the ipsec service. The issue still persists.
> "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
> group=modp1024}
>
> phase1 is up.
>
> "sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
> {ESP=>0x4287be14 <0xc60d8692 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
> DPD=enabled}
>
> phase2 is up.
>
> but meanwhile you also race with another connection which ends in:
>
> "sonicwall" #4: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1,
> OAKLEY_GROUP_MODP1024] refused due to strict flag
>
> So it seems the sonic wall might want esp=3des-sha1;modp1024
>
>
Not sure i understand it. so do i need to set "esp=3des-sha1;modp1024" in
both VPN End points ?
Please suggest/guide
Thanks
Kaushal
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110119/8d833211/attachment.html
More information about the Users
mailing list