[Openswan Users] OpenSWan 2.6.26 vs. Draytek Vigor 2850 (FW 3.6.0): no joy

Paul Wouters paul at nohats.ca
Thu Mar 1 10:50:32 EST 2012


On Wed, 29 Feb 2012, Thomas Bätzler wrote:

> --8<--(snip)--8<--
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [Dead Peer Detection]
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [RFC 3947] method set to=109
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already
> using method 109
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
> already using method 109
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already
> using method 109
> Feb 29 18:28:29 lab pluto[20031]: packet from 2.2.2.2:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

I'm a bit worried it is not saying "but already using method 109". This
might be the "osx nat-t" fix that's in git and will be in openswan
2.6.38.  But then again.....

> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected

There is no NAT so it should not be the problem.

> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=aes_256 prf=oakley_sha group=modp1024}
> Feb 29 18:28:33 lab pluto[20031]: "northface"[2] 2.2.2.2 #4:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3

The Vigor rejected your proposal for phase 2 (esp= or pfs= setting).

Check its logs.

Paul
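
The log pattern read in the reply above (ISAKMP SA established, the peer keeps resending, no Quick Mode state follows) can be picked out of a pluto log mechanically. This is an added example, not part of the original message or of Openswan; the sample records are constructed, the "branch" connection is invented, and treating any `STATE_QUICK_` record as phase 2 progress is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the pluto records quoted in the thread
# (one syslog record per line). The "branch" connection is invented.
SAMPLE_LOG = """\
Feb 29 18:28:29 lab pluto[20031]: "northface"[2] 2.2.2.2 #4: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 29 18:28:33 lab pluto[20031]: "northface"[2] 2.2.2.2 #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 29 18:28:41 lab pluto[20031]: "northface"[2] 2.2.2.2 #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 29 18:30:02 lab pluto[20031]: "branch" #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1024}
Feb 29 18:30:02 lab pluto[20031]: "branch" #8: STATE_QUICK_R2: IPsec SA established tunnel mode
"""

# "conn"[instance] peer #state: message   (instance and peer are optional)
RECORD = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\] (?P<peer>\S+))? '
    r'#(?P<state>\d+): (?P<msg>.*)'
)


def stalled_after_phase1(log_text):
    """Return (conn, peer, retransmits) for peers stuck after Main Mode."""
    seen = defaultdict(lambda: {"phase1": False, "phase2": False, "retrans": 0})
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # Vendor ID and other per-packet records carry no conn name
        entry = seen[(m["conn"], m["peer"] or "-")]
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            entry["phase1"] = True
        elif entry["phase1"] and msg.startswith(
                "retransmitting in response to duplicate packet"):
            entry["retrans"] += 1
        elif "STATE_QUICK_" in msg:  # assumption: phase 2 progress names a Quick Mode state
            entry["phase2"] = True
    return sorted(
        (conn, peer, e["retrans"])
        for (conn, peer), e in seen.items()
        if e["phase1"] and e["retrans"] and not e["phase2"]
    )


if __name__ == "__main__":
    for conn, peer, n in stalled_after_phase1(SAMPLE_LOG):
        print(f"{conn} ({peer}): phase 1 up, {n} duplicate retransmits, no Quick Mode seen")
```

A hit only says where the exchange stopped; the reason has to come from the peer's own logs.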

