[Openswan Users] Connection problem
Krzysztof Kardas
krzychk2 at gmail.com
Thu Jan 24 15:51:19 EST 2013
Hi,
I am new to OpenSwan technologies. I have a problem with proper
configuration of an IPsec tunnel to CISCO equipment.
Tunnel parameters are:
Phase 1
Authentication-method: rsa-signatures
Diffie-Hellman-group: group2
Authentication-algorithm: sha1
Encryption-algorithm: aes-256-cbc
Lifetime-seconds: 86400
Phase 2
Protocol: esp
Authentication-algorithm: hmac-sha1-96
Encryption-algorithm: aes-256-cbc
Lifetime-seconds: 3600
My configuration I am working on is:
conn borucza
    authby=rsasig
    auth=esp
    keyexchange=ike
    ike=aes256-sha1
    ikelifetime=86400s
    pfs=yes
    esp=aes256-sha1
    salifetime=3600s
    dpdtimeout=10
    dpddelay=3
    right=%defaultroute
    rightrsasigkey=%cert
    rightcert=netp ## certificate in the NSS database
    rightid=@B-DMZ-FWL-2201.plicbd.pl
    # Left side is Check Point
    left=91.217.25.14
    leftsubnet=10.104.5.36/24 ## subnet behind the gateway
    leftcert=c352fa89f28c4d7c7c4944dbfd47e93c_e9bf401e-df95-4b5e-a0ee-ae2fa4aba850
    leftrsasigkey=%cert
    auto=start
The problem I have is that I cannot connect.
There is something like this in the logs:
Jan 24 21:23:56 plicbd pluto[1508]: loaded private key for keyid: PPK_RSA:AwEAAdaBO
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: initiating Main Mode
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: ignoring unknown Vendor ID payload [a601e645e2e8e15239409664fdeb5a9000cf9cad0000000e0000061e]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: received Vendor ID payload [Dead Peer Detection]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: I am sending my cert
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: I am sending a certificate request
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: ignoring unknown Vendor ID payload [a601e645e2e8e15239409664fdeb5a9000cf9cad0000000e0000061e]
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: initial Main Mode message received on xxx.yyy,zzz,vvv:500 but no connection has been authorized with policy=RSASIG
Can somebody help me?
Regards,
Chris
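Added example, not part of Chris's post and not Openswan code: a small Python triage script for pluto log lines of the kind quoted above. It reconstructs the Main Mode state chain per connection, collects the Vendor ID payloads, and picks out the responder-side "no connection has been authorized with policy=..." message, which is the line that actually says why the peer's own Main Mode attempt was dropped. The regexes are written against the message formats visible in the log; the only knowledge assumed beyond the post is that pluto's completed Phase 1 initiator state is STATE_MAIN_I4, so a chain that stops at STATE_MAIN_I3 means the ISAKMP SA was never established. The sample log is the post's own lines with the wrapped entries re-joined and the placeholder addresses kept as written.

```python
import re

# Constructed sample: the pluto lines quoted in the post, re-joined one entry per
# line, with the poster's placeholder addresses (aaa,bbb.ccc.ddd etc.) kept as-is.
SAMPLE_LOG = """\
Jan 24 21:23:56 plicbd pluto[1508]: loaded private key for keyid: PPK_RSA:AwEAAdaBO
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: initiating Main Mode
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: ignoring unknown Vendor ID payload [a601e645e2e8e15239409664fdeb5a9000cf9cad0000000e0000061e]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: received Vendor ID payload [Dead Peer Detection]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: I am sending my cert
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: I am sending a certificate request
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 24 21:23:56 plicbd pluto[1508]: "borucza" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Jan 24 21:23:58 plicbd pluto[1508]: packet from aaa,bbb.ccc.ddd:500: initial Main Mode message received on xxx.yyy,zzz,vvv:500 but no connection has been authorized with policy=RSASIG
"""

# Syslog prefix: "Mon DD HH:MM:SS host pluto[pid]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+pluto\[\d+\]:\s+(?P<msg>.*)$")
# Messages tied to a connection and state object: "conn" #N: text
CONN_RE = re.compile(r'^"(?P<conn>[^"]+)"\s+#(?P<sa>\d+):\s+(?P<text>.*)$')
# Messages about a packet that matched no existing state: packet from ip:port: text
PACKET_RE = re.compile(r"^packet from (?P<peer>\S+):\s+(?P<text>.*)$")
TRANSITION_RE = re.compile(r"transition from state (\S+) to state (\S+)")
VENDOR_RE = re.compile(r"Vendor ID payload \[([^\]]+)\]")
UNAUTH_RE = re.compile(
    r"initial Main Mode message received on (?P<local>\S+) "
    r"but no connection has been authorized with policy=(?P<policy>\S+)"
)
PHASE1_DONE = "STATE_MAIN_I4"  # assumed: pluto's "ISAKMP SA established" initiator state


def parse_line(line):
    """Split one pluto syslog line into timestamp, conn/SA or peer, and message text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = {"ts": m.group("ts"), "conn": None, "sa": None, "peer": None, "text": m.group("msg")}
    c = CONN_RE.match(ev["text"])
    if c:
        ev.update(conn=c.group("conn"), sa=int(c.group("sa")), text=c.group("text"))
        return ev
    p = PACKET_RE.match(ev["text"])
    if p:
        ev.update(peer=p.group("peer"), text=p.group("text"))
    return ev


def triage(log_text):
    """Build a report: state chain per (conn, SA), vendor IDs seen, unauthorized Main Mode attempts."""
    report = {"states": {}, "vendor_ids": [], "unauthorized": []}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        t = TRANSITION_RE.search(ev["text"])
        if t and ev["conn"] is not None:
            chain = report["states"].setdefault((ev["conn"], ev["sa"]), [t.group(1)])
            if chain[-1] != t.group(1):  # a transition we did not see the start of
                chain.append(t.group(1))
            chain.append(t.group(2))
        v = VENDOR_RE.search(ev["text"])
        if v and v.group(1) not in report["vendor_ids"]:
            report["vendor_ids"].append(v.group(1))
        u = UNAUTH_RE.search(ev["text"])
        if u:
            report["unauthorized"].append(
                {"ts": ev["ts"], "peer": ev["peer"], "local": u.group("local"), "policy": u.group("policy")}
            )
    return report


def findings(report):
    """Turn the report into human-readable diagnostics."""
    out = []
    for (conn, sa), chain in report["states"].items():
        last = chain[-1]
        if last.startswith("STATE_MAIN_I") and last != PHASE1_DONE:
            out.append(f"{conn} #{sa}: initiator stalled at {last}; Phase 1 never completed "
                       f"(no reply to {last[-2:]} was processed)")
    for u in report["unauthorized"]:
        out.append(f"{u['ts']}: peer {u['peer']} started its own Main Mode towards {u['local']} "
                   f"but no loaded conn authorizes it with policy={u['policy']}; check that a conn's "
                   f"left/right addresses and leftid/rightid cover this peer (ipsec auto --status)")
    return out


if __name__ == "__main__":
    for line in findings(triage(SAMPLE_LOG)):
        print(line)
```

The script is read-only triage: feed it `/var/log/auth.log` or wherever pluto logs on your system and it will tell you, per connection, where the initiator got stuck and which inbound peers were refused because no conn matched them.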