[Openswan Users] Linux --> Juniper

Alejandro Perretta aperretta at dineromail.com
Wed Oct 19 09:15:16 EDT 2011


I have a Linux machine with Openswan; I'm new to Openswan (Linux Openswan
U2.6.23/K2.6.32-34-server (netkey)).


I need to connect to a Juniper device with this config:

My point:

200.41.xxx.xxx
My net: 192.168.10.0/24

The other point:

189.xxx.xxx.xxx
The net on the other side: 70.30.1./24

I have this conf in my ipsec.conf:

conn tunnel
  type=tunnel
  auth=esp
  authby=secret
  left=200.41.xxx.xxx
  leftsubnet=172.30.0.0/24
  rightsubnet=172.30.1.0/24
  right=189.xxx.xxx.xxx
  esp=aes256-sha1
  auto=start



When I try to connect I get these errors:

Oct 19 10:12:23 DMLX01 pluto[5916]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
Oct 19 10:12:23 DMLX01 pluto[5916]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Oct 19 10:12:23 DMLX01 pluto[5916]: |    next payload type: ISAKMP_NEXT_ID
Oct 19 10:12:23 DMLX01 pluto[5916]: |    length: 12
Oct 19 10:12:23 DMLX01 pluto[5916]: |    ID type: ID_IPV4_ADDR
Oct 19 10:12:23 DMLX01 pluto[5916]: |    Protocol ID: 0
Oct 19 10:12:23 DMLX01 pluto[5916]: |    port: 0
Oct 19 10:12:23 DMLX01 pluto[5916]: |      obj:   c0 a8 0a 3b  00 00 00 0c  01 00 00 00
Oct 19 10:12:23 DMLX01 pluto[5916]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
Oct 19 10:12:23 DMLX01 pluto[5916]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Oct 19 10:12:23 DMLX01 pluto[5916]: |    next payload type: ISAKMP_NEXT_NONE
Oct 19 10:12:23 DMLX01 pluto[5916]: |    length: 12
Oct 19 10:12:23 DMLX01 pluto[5916]: |    ID type: ID_IPV4_ADDR
Oct 19 10:12:23 DMLX01 pluto[5916]: |    Protocol ID: 0
Oct 19 10:12:23 DMLX01 pluto[5916]: |    port: 0
Oct 19 10:12:23 DMLX01 pluto[5916]: |      obj:   ac 1e 01 03  00 00 00 00  91 35 2a 60
Oct 19 10:12:23 DMLX01 pluto[5916]: | removing 4 bytes of padding
Oct 19 10:12:23 DMLX01 pluto[5916]: | peer client is 192.168.10.59
Oct 19 10:12:23 DMLX01 pluto[5916]: | peer client protocol/port is 0/0
Oct 19 10:12:23 DMLX01 pluto[5916]: | our client is 172.30.1.3
Oct 19 10:12:23 DMLX01 pluto[5916]: | our client protocol/port is 0/0
Oct 19 10:12:23 DMLX01 pluto[5916]: "tunnel" #20: the peer proposed: 172.30.1.3/32:0/0 -> 192.168.10.59/32:0/0
Oct 19 10:12:23 DMLX01 pluto[5916]: "tunnel" #20: cannot respond to IPsec SA request because no connection is known for 172.30.1.3/32===200.41.xxx.xxx >[+S=C]...189.xxxxx<189.xxxx>[+S=C]===192.168.10.59/32
Oct 19 10:12:23 DMLX01 pluto[5916]: | complete state transition with (null)
Oct 19 10:12:23 DMLX01 pluto[5916]: "tunnel" #20: sending encrypted notification INVALID_ID_INFORMATION to 189.xxxxxx:500
Oct 19 10:12:23 DMLX01 pluto[5916]: | sending 76 bytes for notification packet through eth1:500 to 189xxxx:500 (using #20)
Oct 19 10:12:23 DMLX01 pluto[5916]: | state transition function for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION
Oct 19 10:12:23 DMLX01 pluto[5916]: | * processed 0 messages from cryptographic helpers
Oct 19 10:12:23 DMLX01 pluto[5916]: | next event EVENT_PENDING_DDNS in 19 seconds



Any help?
-- 
Alejandro Perretta
 Tecnologia
Humboldt 2495 piso 4
 <fsosa at dineromail.com>Tel. (+54) 11 5275-1700
DineroMail Argentina
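
Added example, not part of the original post and not Openswan code: a Python check that reads the leftsubnet/rightsubnet values of the conn above and the "the peer proposed" line from the log (both re-typed here as constructed input, with the redacted addresses left redacted) and reports whether each proposed selector equals, or at least falls inside, a configured subnet. Treating only an exact match as acceptable is an assumption about how the Quick Mode responder picks a conn; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the conn from the post, redacted addresses kept as posted.
CONF = """\
conn tunnel
  type=tunnel
  authby=secret
  left=200.41.xxx.xxx
  leftsubnet=172.30.0.0/24
  rightsubnet=172.30.1.0/24
  right=189.xxx.xxx.xxx
"""
# Constructed input: the "peer proposed" log line, unwrapped.
LOG = ('Oct 19 10:12:23 DMLX01 pluto[5916]: "tunnel" #20: the peer proposed: '
       '172.30.1.3/32:0/0 -> 192.168.10.59/32:0/0')

PROPOSED = re.compile(r'the peer proposed: (\S+?):\d+/\d+ -> (\S+?):\d+/\d+')

def conn_subnets(conf_text):
    """Return {conn_name: {'leftsubnet': net, 'rightsubnet': net}}."""
    conns, current = {}, None
    for line in conf_text.splitlines():
        line = line.split('#', 1)[0].rstrip()      # drop comments
        if line.startswith('conn '):
            current = conns.setdefault(line.split()[1], {})
        elif current is not None and '=' in line:
            key, value = (s.strip() for s in line.split('=', 1))
            if key in ('leftsubnet', 'rightsubnet'):
                current[key] = ipaddress.ip_network(value)
    return conns

def diagnose(conf_text, log_line):
    """For each conn: is the proposal an exact match, and which keys cover it?"""
    m = PROPOSED.search(log_line)
    if not m:
        return {}
    proposed = [ipaddress.ip_network(g) for g in m.groups()]
    report = {}
    for name, nets in conn_subnets(conf_text).items():
        covered = {str(p): sorted(k for k, n in nets.items() if p.subnet_of(n))
                   for p in proposed}
        report[name] = {'exact': set(nets.values()) == set(proposed),
                        'covered_by': covered}
    return report

if __name__ == '__main__':
    print(diagnose(CONF, LOG))
```

For the inputs above, neither proposed selector equals a configured subnet, and 192.168.10.59/32 is not inside either leftsubnet or rightsubnet.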