[Swan] Connecting to a Digi WR44
John Serink
jserink2004 at yahoo.com
Mon Mar 23 09:29:27 EET 2015
Hello:
I am using Libreswan as a road warrior connecting to a Digi WR44.This is the event log from the Digi:AmnasHQ>type eventlog.txt
13:00:24, 23 Mar 2015,(2933) IKE Keys Negotiated. Peer: jserinki713:00:24, 23 Mar 2015,(2933) New Phase 1 IKE Session 119.75.44.126,Responder13:00:11, 23 Mar 2015,Clear Event LogOK
It things phase 1 is complete.Here is the ipsec trace:jserinki7 jserink # 002 "Oman" #1: initiating Aggressive Mode #1, connection "Oman"112 "Oman" #1: STATE_AGGR_I1: initiate003 "Oman" #1: received Vendor ID payload [Dead Peer Detection]003 "Oman" #1: received Vendor ID payload [RFC 3947]003 "Oman" #1: received Vendor ID payload [Cisco-Unity]002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'003 "Oman" #1: initial Aggressive Mode packet claiming to be from @AmnasAdmin on 62.231.251.146 but no connection has been authorized218 "Oman" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION002 "Oman" #1: sending notification INVALID_ID_INFORMATION to 62.231.251.146:500
Here is my ipsec.conf file:config setup protostack=netkey dumpdir=/var/run/pluto/ nat_traversal=yes interfaces=%defaultroute
conn Oman keyingtries=0 left=%defaultroute leftsourceip=192.168.100.1 leftsubnet=192.168.100.1/24 leftid=@jserinki7 authby=secret ike=aes128-md5-modp1024 phase2alg=aes128-md5 auto=add type=tunnel right=62.231.251.146 rightsubnet=192.168.200.0/24 rightsourceip=192.168.200.1 rightid=@AmnasAdmin aggrmode=yes pfs=no
Secrets file looks like this (key replaced with x's):62.231.251.146 @jserinki7 : PSK "xxxxxxxxx"
I can't work out why Libreswan thinks that this connection is not Authorized since AmnasAdmin is specified in the ipsec.conf AND is the ID used from the Digi.
Any pointers on this one?
Have struck out with google.
Cheers,john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150323/b83e23e3/attachment.html>
More information about the Swan
mailing list