[Swan] Connecting to a Digi WR44

John Serink jserink2004 at yahoo.com
Mon Mar 23 09:29:27 EET 2015


Hello:
I am using Libreswan as a road warrior connecting to a Digi WR44.This is the event log from the Digi:AmnasHQ>type eventlog.txt
13:00:24, 23 Mar 2015,(2933) IKE Keys Negotiated. Peer: jserinki713:00:24, 23 Mar 2015,(2933) New Phase 1 IKE Session 119.75.44.126,Responder13:00:11, 23 Mar 2015,Clear Event LogOK
It things phase 1 is complete.Here is the ipsec trace:jserinki7 jserink # 002 "Oman" #1: initiating Aggressive Mode #1, connection "Oman"112 "Oman" #1: STATE_AGGR_I1: initiate003 "Oman" #1: received Vendor ID payload [Dead Peer Detection]003 "Oman" #1: received Vendor ID payload [RFC 3947]003 "Oman" #1: received Vendor ID payload [Cisco-Unity]002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'003 "Oman" #1: initial Aggressive Mode packet claiming to be from @AmnasAdmin on 62.231.251.146 but no connection has been authorized218 "Oman" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION002 "Oman" #1: sending notification INVALID_ID_INFORMATION to 62.231.251.146:500
Here is my ipsec.conf file:config setup    protostack=netkey    dumpdir=/var/run/pluto/    nat_traversal=yes    interfaces=%defaultroute
conn Oman     keyingtries=0     left=%defaultroute     leftsourceip=192.168.100.1     leftsubnet=192.168.100.1/24     leftid=@jserinki7     authby=secret     ike=aes128-md5-modp1024     phase2alg=aes128-md5     auto=add     type=tunnel     right=62.231.251.146     rightsubnet=192.168.200.0/24     rightsourceip=192.168.200.1     rightid=@AmnasAdmin     aggrmode=yes     pfs=no
Secrets file looks like this (key replaced with x's):62.231.251.146 @jserinki7  : PSK "xxxxxxxxx"
I can't work out why Libreswan thinks that this connection is not Authorized since AmnasAdmin is specified in the ipsec.conf AND is the ID used from the Digi.
Any pointers on this one?
Have struck out with google.
Cheers,john


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150323/b83e23e3/attachment.html>


More information about the Swan mailing list