[Openswan Users] IPsec on Ubuntu Linux Server 8.04 (Hardy)

Kaushal Shriyan kaushalshriyan at gmail.com
Thu Jan 20 09:46:03 EST 2011


On Wed, Jan 19, 2011 at 11:03 AM, Kaushal Shriyan
<kaushalshriyan at gmail.com>wrote:

> On Tue, Jan 18, 2011 at 8:36 PM, Paul Wouters <paul at xelerance.com> wrote:
>
>> On Tue, 18 Jan 2011, Kaushal Shriyan wrote:
>>
>>  Hi Paul
>>>
>>> Please have a look at http://paste.ubuntu.com/555411/
>>>
>>
>> initiate on demand from 10.0.0.119:8 to 172.17.6.175:0 proto=1 state:
>> fos_start because: acquire
>>
>> You did not add oe=no in your "config setup" or you removed it? please put
>> it back there.
>>
>>
> Hi Paul
>
> I have added oe=no in config setup and restarted ipsec and terminate and
> initiated the ipsec service. The issue still persists.
>
>
>
>> "sonicwall" #1: STATE_MAIN_I4: ISAKMP SA established
>> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
>> group=modp1024}
>>
>> phase1 is up.
>>
>> "sonicwall" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>> {ESP=>0x4287be14 <0xc60d8692 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
>> DPD=enabled}
>>
>> phase2 is up.
>>
>> but meanwhile you also race with another connection which ends in:
>>
>> "sonicwall" #4: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA1,
>> OAKLEY_GROUP_MODP1024] refused due to strict flag
>>
>> So it seems the sonic wall might want esp=3des-sha1;modp1024
>>
>>
> Not sure i understand it. so do i need to set  "esp=3des-sha1;modp1024" in
> both VPN End points ?
>
> Please suggest/guide
>
> Thanks
>
> Kaushal
>
>
>
>
>
>
>> Paul
>>
>
> Hi Paul,

Please suggest/guide further about this issue.

Thanks

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110120/b37aed93/attachment.html 


More information about the Users mailing list