Re: IPSEC tunnel



Hi,

I succeeded in passing phase 1 but not phase 2.

* Any idea?
* Can a Linux-based IPSEC tunnel really contact a NETASQ router?


Here are my logs:

Dec 16 19:28:43 Fedora-64-2 racoon: INFO: IPsec-SA request for 8x.xxx.xx.xx queued due to no phase1 found.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: initiate new phase 1 negotiation: 192.168.50.181[500]<=>8x.xxx.xx.xx[500]
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: begin Aggressive mode.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: received Vendor ID: DPD
Dec 16 19:28:43 Fedora-64-2 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Dec 16 19:28:43 Fedora-64-2 racoon: INFO: ISAKMP-SA established 192.168.50.181[500]-8x.xxx.xx.xx[500] spi:d246d525eb2367b9:370a599c26588a34
Dec 16 19:28:44 Fedora-64-2 racoon: INFO: initiate new phase 2 negotiation: 192.168.50.181[500]<=>8x.xxx.xx.x[500]
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=72170590(0x44d3c5e)
Dec 16 19:29:14 Fedora-64-2 racoon: WARNING: the expire message is received but the handler has not been established.
Dec 16 19:29:14 Fedora-64-2 racoon: INFO: IPsec-SA expired: ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=75860073(0x4858869)

ANY help would be appreciated

Best Regards

On 10/12/10 17:41, Kevin Fenzi wrote:
> On Fri, 10 Dec 2010 10:09:10 +0100
> Luc MAIGNAN<luc.maignan@xxxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> one more time...
>>
>> I have to set up a VPN IPSEC tunnel between a linux machine and a
>> physical router. The security mode of the router is 'IKE using
>> pre-shared key'
>>
>> I cannot use openVPN because the router isn't compliant with it.
>>
>> I want to use openSwan to set up the IPSEC tunnel.
>>
>> Am I right?
>> How to configure the pre-shared key with openswan?
>
> Try:
>
> http://docs.fedoraproject.org/en-US/Fedora/14/html-single/Security_Guide/index.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec
>
> kevin
