OK, I have migrated to openswan, installed it successfully, and here are the log messages that I get on my Linux box:

May 6 12:23:42 encmail pluto[5947]: "mm" #1: initiating Main Mode
May 6 12:23:42 encmail ipsec__plutorun: 104 "mm" #1: STATE_MAIN_I1: initiate
May 6 12:23:42 encmail ipsec__plutorun: ...could not start conn "mm"
May 6 12:23:44 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 6 12:23:48 encmail pluto[5947]: "mm" #1: ignoring Vendor ID payload [01a3437e1d6102df5918a08c21f0ad33]
May 6 12:23:48 encmail pluto[5947]: "mm" #1: I did not send a certificate because I do not have one.
May 6 12:23:48 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 6 12:23:49 encmail pluto[5947]: "mm" #1: Peer ID is ID_IPV4_ADDR: '195.26.157.18'
May 6 12:23:49 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 6 12:23:49 encmail pluto[5947]: "mm" #1: ISAKMP SA established
May 6 12:23:49 encmail pluto[5947]: "mm" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
May 6 12:23:53 encmail pluto[5947]: "mm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 6 12:23:53 encmail pluto[5947]: "mm" #1: received and ignored informational message
May 6 12:24:59 encmail pluto[5947]: "mm" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

I am desperate and have no idea what to do next.

Here is the Cisco log on the other site:

2w1d: %CRYPTO-4-IKMP_NO_SA: IKE message from 82.214.208.99 has no SA (Security Associations) and is not an initialization offer

Looking forward to hearing from you,
aleks

--- Dana Hudes <dhudes@tcp-ip.info> wrote:
freeswan is no longer under active development or maintenance by its developers, per the project home page. I suggest you find an alternative ipsec implementation...perhaps openvpn will suit your needs.
On Wed, 4 May 2005, Aleksandar Ivanovski wrote:
Hi List,
I have installed freeswan on SuSE 9.0 Pro, 2.4.21-99-default, freeswan-1.99_0.9.34-27. freeswan.ca says that 2.4.2x+ works OK with freeswan 1.99.
The remote site uses Cisco IPsec. Since I am very new to IPsec issues, sorry for the stupid questions below. The other site gave me this information:
PHASE1 (ISAKMP):
    encryption algorithm: 3DES
    hash algorithm: Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime: 86400 seconds, no volume limit

PHASE2 (IPSEC):
    encryption algorithm: 3DES
    hash algorithm: Secure Hash Standard
    Security association lifetime: 4608000 kilobytes / 3600 seconds
    No PFS
and that all we need to do is exchange the pre-shared keys and IP addresses.
First question is whether it is possible at all to establish such a connection?
I have been reading a PDF, "Implementing site-to-site IPsec between Cisco router and FreeS/WAN", and have done all the steps.
I am attaching here the conf files and the logs:
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
        ......

conn freeswan-cisco
        # Left security gateway, subnet behind it, next hop toward right.
        left=(hidden IP address)
        leftsubnet=10.1.10.0/24        (my LAN)
        leftnexthop=(gateway that takes me to the internet, static IP)
        # Right security gateway, subnet behind it, next hop toward left.
        right=(IP provided by the operator)
        rightsubnet=
        rightnexthop=
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=add
        authby=secret

and add a row at the end of ipsec.secrets:

theirIP myIP : PSK "shared-key that was sent to me by the operator"
/var/log/messages:
Apr 29 14:57:14 linux pluto[4663]: "freeswan-cisco" #1: initiating Main Mode
Apr 29 14:57:17 linux pluto[4663]: "freeswan-cisco" #1: Can't authenticate: no preshared key found for `10.1.10.176' and `195.26.157.18'. Attribute OAKLEY_AUTHENTICATION_METHOD
Apr 29 14:57:17 linux pluto[4663]: "freeswan-cisco" #1: no acceptable Oakley Transform
Apr 29 14:57:17 linux pluto[4663]: "freeswan-cisco" #1: sending notification NO_PROPOSAL_CHOSEN to 195.26.157.18:500
Apr 29 14:57:26 linux pluto[4663]: "freeswan-cisco" #1: Can't authenticate: no preshared key found for `10.1.10.176' and `195.26.157.18'. Attribute OAKLEY_AUTHENTICATION_METHOD

Since I don't know where to read up on or search for these error messages, please drop me a few lines: anything, links, PDFs, what the solution for these errors is.....
Thanks to you all
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
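Added example for this thread (my own code, not from the list, from freeswan or from the openswan project): a small triage script that reads pluto lines from /var/log/messages, follows the IKE state transitions and reports whether the negotiation died in phase 1 (ISAKMP, Main Mode) or phase 2 (IPsec, Quick Mode), together with the parameter group that has to agree on both gateways for that phase. It generalizes over both logs in the thread: the freeswan log fails before any ISAKMP SA exists (a pre-shared-key lookup failure, so the two IDs pluto prints are what to compare against the ipsec.secrets index), while the openswan log reaches "ISAKMP SA established" and is only refused in Quick Mode, so phase 2 parameters are the ones to compare. The sample lines are copied from the two posts above; function and class names are mine.

```python
"""Triage helper for pluto (freeswan/openswan) IKE logs; added example, not
project code. Sample log lines are copied from the mailing-list thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Pulls conn name, SA number and message text out of a syslog line from pluto.
PLUTO_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE_RE = re.compile(r"transition from state (\S+) to state (\S+)")

# Parameter groups that must match on both gateways, per phase (the same
# groups the Cisco side listed in the original post).
PHASE_PARAMS: Dict[int, Tuple[str, ...]] = {
    1: ("encryption algorithm", "hash algorithm", "authentication method",
        "Diffie-Hellman group", "ISAKMP lifetime", "pre-shared key and the two peer IDs"),
    2: ("ESP encryption algorithm", "ESP hash algorithm", "PFS on/off",
        "IPsec SA lifetime", "left/right subnets (proxy IDs)"),
}


@dataclass
class Triage:
    conn: Optional[str] = None
    last_state: Optional[str] = None
    isakmp_established: bool = False
    ipsec_established: bool = False
    failed_phase: Optional[int] = None          # phase of the first failure seen
    reasons: List[str] = field(default_factory=list)

    @property
    def params_to_check(self) -> Tuple[str, ...]:
        return PHASE_PARAMS.get(self.failed_phase, ())


def triage_pluto_log(lines: List[str]) -> Triage:
    t = Triage()

    def fail(phase: int, reason: str) -> None:
        if t.failed_phase is None:      # first failure decides the phase
            t.failed_phase = phase
        t.reasons.append(reason)

    for line in lines:
        m = PLUTO_RE.search(line)
        if not m:                       # ipsec__plutorun wrapper lines etc.
            continue
        msg = m.group("msg")
        t.conn = t.conn or m.group("conn")
        s = STATE_RE.search(msg)
        if s:
            t.last_state = s.group(2)
        if "ISAKMP SA established" in msg:
            t.isakmp_established = True
        elif "IPsec SA established" in msg:
            t.ipsec_established = True
        elif "no preshared key found" in msg:
            fail(1, "no ipsec.secrets entry matches the two IDs pluto printed")
        elif "no acceptable Oakley Transform" in msg:
            fail(1, "this side rejected the peer's phase 1 proposal")
        elif "NO_PROPOSAL_CHOSEN" in msg:
            # Before an ISAKMP SA exists this is a Main Mode rejection,
            # afterwards it is a Quick Mode rejection.
            phase = 2 if t.isakmp_established else 1
            who = "this side rejected the peer's" if msg.startswith("sending") else "peer rejected our"
            fail(phase, f"{who} phase {phase} proposal")
        elif "retransmissions" in msg and "STATE_QUICK" in msg:
            fail(2, "no acceptable Quick Mode reply from the peer (gave up in phase 2)")
    if t.ipsec_established:
        t.failed_phase, t.reasons = None, ["tunnel established"]
    return t


# Sample input: lines copied from the two logs posted in this thread.
OPENSWAN_LOG = [
    'May 6 12:23:42 encmail pluto[5947]: "mm" #1: initiating Main Mode',
    'May 6 12:23:42 encmail ipsec__plutorun: 104 "mm" #1: STATE_MAIN_I1: initiate',
    'May 6 12:23:44 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2',
    'May 6 12:23:48 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3',
    'May 6 12:23:49 encmail pluto[5947]: "mm" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4',
    'May 6 12:23:49 encmail pluto[5947]: "mm" #1: ISAKMP SA established',
    'May 6 12:23:49 encmail pluto[5947]: "mm" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}',
    'May 6 12:23:53 encmail pluto[5947]: "mm" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN',
    'May 6 12:24:59 encmail pluto[5947]: "mm" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal',
]
FREESWAN_LOG = [
    'Apr 29 14:57:14 linux pluto[4663]: "freeswan-cisco" #1: initiating Main Mode',
    "Apr 29 14:57:17 linux pluto[4663]: \"freeswan-cisco\" #1: Can't authenticate: no preshared key found for `10.1.10.176' and `195.26.157.18'. Attribute OAKLEY_AUTHENTICATION_METHOD",
    'Apr 29 14:57:17 linux pluto[4663]: "freeswan-cisco" #1: no acceptable Oakley Transform',
    'Apr 29 14:57:17 linux pluto[4663]: "freeswan-cisco" #1: sending notification NO_PROPOSAL_CHOSEN to 195.26.157.18:500',
    "Apr 29 14:57:26 linux pluto[4663]: \"freeswan-cisco\" #1: Can't authenticate: no preshared key found for `10.1.10.176' and `195.26.157.18'. Attribute OAKLEY_AUTHENTICATION_METHOD",
]

if __name__ == "__main__":
    for name, log in (("openswan", OPENSWAN_LOG), ("freeswan", FREESWAN_LOG)):
        r = triage_pluto_log(log)
        print(f"{name}: conn={r.conn} last_state={r.last_state} failed_phase={r.failed_phase}")
        for reason in r.reasons:
            print("  -", reason)
        print("  compare:", ", ".join(r.params_to_check))
```

Run it against a real file with `triage_pluto_log(open("/var/log/messages").read().splitlines())`; the script deliberately only looks at `pluto[...]` lines, so the `ipsec__plutorun` wrapper lines and the Cisco-side messages are ignored.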