[Openswan Users] IPSec VPN Fortigate Phase 2 stuck
Hajder Rabiee
hajderr at gmail.com
Fri May 1 03:17:19 EDT 2015
Hi
Trying to set up a VPN connection to Office Fortigate but I can't pass phase 2.
Received info from sysadmins:
- PSK
- IKE v1
- Aggressive mode
- Phase1 3DES-SHA1
- DH group 5
- Key lifetime 28800
- XAUTH PAP Server (not sure if this is necessary to know)
- Phase2 3DES-SHA1
- PFS no
*This is one of many configuration attempts, I've tried adding/removing different parameters.*

config setup
    interfaces=%defaultroute
    plutodebug="control parsing"
    #klipsdebug=all
    plutoopts="--interface=wlan0"
    dumpdir=/var/run/pluto/
    nat_traversal=no
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn office
    left=%defaultroute
    right=<my gateway ip>
    phase2=ah
    phase2alg=sha1;modp1536
    type=transport
    authby=secret
    pfs=no
    compress=no
    keyingtries=%forever
*This is the output*
➜ /etc sudo service ipsec restart
➜ /etc sudo ipsec auto --add office && sudo ipsec auto --up office
104 "office" #1: STATE_MAIN_I1: initiate
003 "office" #1: received Vendor ID payload [Dead Peer Detection]
003 "office" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de00050282]
106 "office" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "office" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "office" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "office" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "office" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "office" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "office" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "office" #1: starting keying attempt 2 of an unlimited number, but releasing whack
--
Med vänliga hälsningar / Best Regards
Hajder
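
Added example (not part of the original post, and not Openswan project code): a small Python check that compares the posted conn section with the parameters the sysadmins listed, and reads the phase 1 exchange mode out of the pluto log. The keyword mapping in PEER and the values in DEFAULTS are assumptions based on Openswan's ipsec.conf syntax; XAUTH is not checked.

```python
import re

# Peer requirements from the post, in Openswan keyword syntax (DH group 5 = modp1536).
PEER = {"aggrmode": "yes", "ike": "3des-sha1;modp1536",
        "phase2": "esp", "phase2alg": "3des-sha1", "pfs": "no"}
# Assumed Openswan defaults for keywords left out of a conn section.
DEFAULTS = {"aggrmode": "no", "phase2": "esp", "pfs": "yes"}

def parse_conn(text, name):
    """Return the key=value pairs of 'conn <name>' from ipsec.conf text."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        header = re.match(r"(conn|config)\s+(\S+)$", line)
        if header:
            current = header.group(2) if header.group(1) == "conn" else None
        elif current == name and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip().strip('"')
    return params

def mismatches(params, peer=PEER):
    """List (keyword, local, peer) where the sides differ; <unset> = keyword absent."""
    local = {k: params.get(k, DEFAULTS.get(k, "<unset>")) for k in peer}
    return [(k, local[k], want) for k, want in peer.items() if local[k].lower() != want]

def exchange_mode(log):
    """Infer the IKEv1 phase 1 exchange from pluto state names in the log."""
    if "STATE_AGGR_" in log:
        return "aggressive"
    return "main" if "STATE_MAIN_" in log else None

# Constructed sample: part of the posted conn section and two of the posted log lines.
SAMPLE_CONF = """conn office
    phase2=ah
    phase2alg=sha1;modp1536
    authby=secret
    pfs=no
"""
SAMPLE_LOG = ('104 "office" #1: STATE_MAIN_I1: initiate\n'
              '108 "office" #1: STATE_MAIN_I3: sent MI3, expecting MR3')

if __name__ == "__main__":
    for key, have, want in mismatches(parse_conn(SAMPLE_CONF, "office")):
        print(f"{key}: local={have} peer={want}")
    print("exchange seen in log:", exchange_mode(SAMPLE_LOG))
```

On the posted data it reports aggrmode, ike, phase2 and phase2alg as differing from the peer list, and the log shows a main mode exchange where the list says aggressive mode. An `<unset>` entry means the keyword is absent and the daemon's own default proposal applies.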