IPSEC tunnel

Luc MAIGNAN luc.maignan at winxpert.com
Thu Dec 16 18:47:12 UTC 2010


Hi,

I succeeded in passing phase1 but not phase2.

    * Any idea?
    * Can a Linux-based IPSEC tunnel really contact a NETASQ router?


Here are my logs:

Dec 16 19:28:43 Fedora-64-2 racoon: INFO: IPsec-SA request for 8x.xxx.xx.xx queued due to no phase1 found.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: initiate new phase 1 negotiation: 192.168.50.181[500]<=>8x.xxx.xx.xx[500]
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: begin Aggressive mode.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: received Vendor ID: DPD
Dec 16 19:28:43 Fedora-64-2 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: ISAKMP-SA established 192.168.50.181[500]-8x.xxx.xx.xx[500] spi:d246d525eb2367b9:370a599c26588a34
Dec 16 19:28:44 Fedora-64-2 racoon: INFO: initiate new phase 2 negotiation: 192.168.50.181[500]<=>8x.xxx.xx.x[500]
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=72170590(0x44d3c5e)
Dec 16 19:29:14 Fedora-64-2 racoon: WARNING: the expire message is received but the handler has not been established.
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=75860073(0x4858869)

ANY help would be appreciated

Best Regards

On 10/12/10 17:41, Kevin Fenzi wrote:
> On Fri, 10 Dec 2010 10:09:10 +0100
> Luc MAIGNAN<luc.maignan at winxpert.com>  wrote:
>
>> Hi,
>>
>> one more time...
>>
>> I have to setup a VPN IPSEC tunnel between a linux machine and a
>> physical router. The security mode of the router is 'IKE using
>> pre-shared key'
>>
>> I cannot use openVPN because the router isn't compliant with it.
>>
>> I want to use openSwan to setup the IPSEC tunnel.
>>
>> Am I right ?
>> How to configure the pre-shared key with openswan ?
> Try:
>
> http://docs.fedoraproject.org/en-US/Fedora/14/html-single/Security_Guide/index.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec
>
> kevin
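
An added example, not part of the original message: a small triage script that reads racoon syslog lines like the ones posted above and reports which IKE phase completed and how long phase 2 waited before the SAs expired. The sample input is taken from the post with the line wraps joined; the function name, result keys and the `year` parameter are this example's own, and it assumes racoon's "IPsec-SA established" message as the marker of a completed phase 2.

```python
import re
from datetime import datetime

# racoon lines from the post above, mail-client line wraps joined.
SAMPLE_LOG = """\
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: begin Aggressive mode.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: ISAKMP-SA established 192.168.50.181[500]-8x.xxx.xx.xx[500] spi:d246d525eb2367b9:370a599c26588a34
Dec 16 19:28:44 Fedora-64-2 racoon: INFO: initiate new phase 2 negotiation: 192.168.50.181[500]<=>8x.xxx.xx.x[500]
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=72170590(0x44d3c5e)
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=75860073(0x4858869)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ racoon(?:\[\d+\])?: \w+: (.*)$")
EXPIRED = re.compile(r"IPsec-SA expired: (\w+)/(\w+) ")

def triage(log_text, year=2010):
    """Summarise one racoon negotiation: which IKE phase completed, which stalled."""
    r = {"exchange": None, "phase1_ok": False, "phase2_started": None,
         "phase2_ok": False, "expired": [], "wait_seconds": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a racoon syslog line
        # syslog omits the year; supply it so strptime gets a full date
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("begin "):
            r["exchange"] = msg[len("begin "):].rstrip(".")
        elif msg.startswith("ISAKMP-SA established"):
            r["phase1_ok"] = True
        elif msg.startswith("initiate new phase 2 negotiation"):
            r["phase2_started"] = when
        elif msg.startswith("IPsec-SA established"):
            r["phase2_ok"] = True
        elif (e := EXPIRED.match(msg)):
            r["expired"].append(e.groups())  # (protocol, mode) as logged
            if r["phase2_started"] and r["wait_seconds"] is None:
                r["wait_seconds"] = int((when - r["phase2_started"]).total_seconds())
    if not r["phase1_ok"]:
        r["verdict"] = "phase 1 not established"
    elif r["phase2_started"] and not r["phase2_ok"]:
        r["verdict"] = "phase 1 established, phase 2 never completed"
    else:
        r["verdict"] = "phase 2 established" if r["phase2_ok"] else "phase 2 not attempted"
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
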
