
List:       openswan-users
Subject:    Re: [Openswan Users] Openswan & ISAKMP (OpenBSD) interoperability
From:       Laurent CARON <lcaron () unix-scripts ! info>
Date:       2008-08-26 17:14:18
Message-ID: 48B439EA.50105 () unix-scripts ! info

Peter McGill wrote:
> Laurent,
> 
> The error you're getting is caused by configuration mismatch.
> 
> I've never attempted with isakmpd myself, but from the
> isakmpd ipsec.conf man page, I would suggest the following:
> 
> OpenBSD ipsec.conf:
> ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer 1.2.3.4 \
>     main auth hmac-sha1 enc aes group modp1024 \
>     quick auth hmac-sha1 enc aes group modp1024 \
>     psk "mynicepassphrase"
> 
> Linux ipsec.conf:
> conn lnx-bsd
>     left=1.2.3.4
>     leftsubnet=192.168.9.0/24
>     right=2.3.4.5
>     rightsubnet=10.50.0.0/24
>     ike=aes-sha1;modp1024
>     esp=aes-sha1
>     pfs=yes
>     authby=secret
>     auto=start
> 

Thanks,

I just tried it:

Had to change:
ike=aes-sha1-modp1024

on the linux box (; to -)

Linux log:
lnx-bsd" #2: STATE_MAIN_I3: sent MI3, expecting MR3

doesn't go further

bsd logs:
Aug 26 19:14:01 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED
Aug 26 19:14:10 fw-001 isakmpd[24011]: message_parse_payloads: reserved field non-zero: e4
Aug 26 19:14:10 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED
Aug 26 19:14:31 fw-001 isakmpd[24011]: message_parse_payloads: reserved field non-zero: e4
Aug 26 19:14:31 fw-001 isakmpd[24011]: dropped message from linux_PUBLIC port 500 due to notification type PAYLOAD_MALFORMED


Seems a parameter is bad somewhere :(

Laurent
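
The kind of check behind the `reserved field non-zero: e4` line in the BSD log, as an added example (not code from isakmpd, Openswan, or either poster): it walks a chain of ISAKMP generic payload headers as laid out in RFC 2408 section 3.2 and rejects the chain when a RESERVED byte is non-zero. MI3 is the first encrypted Main Mode message, so the receiver parses whatever its decryption yields; the sample bytes are constructed, and treating the garbled sample as a body that decrypted to noise is an assumption, not something the logs above prove.

```python
import struct

# Payload type numbers from RFC 2408 section 3.1 (subset).
PAYLOAD_NAMES = {0: "NONE", 5: "ID", 8: "HASH", 11: "NOTIFY"}
GENERIC_HDR = struct.Struct("!BBH")  # next payload, RESERVED, payload length


class MalformedPayload(ValueError):
    """Raised where a responder would answer PAYLOAD_MALFORMED."""


def walk_payloads(first_type, body):
    """Return [(name, length), ...] for the payload chain in body.

    first_type is the Next Payload value from the ISAKMP header; body is
    the already-decrypted data that follows that header.
    """
    found, offset, ptype = [], 0, first_type
    while ptype != 0:
        if len(body) - offset < GENERIC_HDR.size:
            raise MalformedPayload("truncated payload header")
        next_type, reserved, length = GENERIC_HDR.unpack_from(body, offset)
        if reserved != 0:
            raise MalformedPayload("reserved field non-zero: %x" % reserved)
        if length < GENERIC_HDR.size or offset + length > len(body):
            raise MalformedPayload("bad payload length: %d" % length)
        found.append((PAYLOAD_NAMES.get(ptype, str(ptype)), length))
        offset += length
        ptype = next_type
    return found


def diagnose(first_type, body):
    """Summarise the chain, or report why it would be dropped."""
    try:
        chain = walk_payloads(first_type, body)
        return "ok: " + ", ".join("%s(%d)" % p for p in chain)
    except MalformedPayload as exc:
        return "PAYLOAD_MALFORMED: %s" % exc


# Constructed sample: well-formed MI3 body, ID (IPv4 1.2.3.4) then HASH.
ID_PAYLOAD = GENERIC_HDR.pack(8, 0, 12) + bytes([1, 0, 0, 0, 1, 2, 3, 4])
GOOD_MI3 = ID_PAYLOAD + GENERIC_HDR.pack(0, 0, 24) + bytes(20)
# Constructed sample: stands in for a body that decrypted to noise
# (assumption for illustration); its RESERVED byte is 0xe4.
GARBLED_MI3 = bytes.fromhex("9ae4371c") + bytes(32)

if __name__ == "__main__":
    print(diagnose(5, GOOD_MI3))
    print(diagnose(5, GARBLED_MI3))
```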
