Re: [Users] Vigor2600 DSL router and FreeS/WAN

From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Nov 28 2002 - 09:10:29 CET

• Next message: Nico Baggus: "Re: [Users] packets don't know how to leave the gw"
• Previous message: martin f krafft: "Re: [Users] why doesn't `ipsec auto --down <connection>` work?"
• In reply to: Carles Xavier Munyoz Baldó: "[Users] Vigor2600 DSL router and FreeS/WAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 2002, Carles Xavier Munyoz Baldó wrote:

> I'm having problems to build an IPSEC tunnel between a Vigor2600 DSL router
> and a Linux FreeS/WAN box.
>
> Is there any guide to make it go ?

No guides that I've seen, but some Users have reported successful connections.

> When I run:
> ipsec auto --up left-rigth
> I get the next set of messages:
> 104 "left-rigth" #1: STATE_MAIN_I1: initiate
> 106 "left-rigth" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "left-rigth" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "left-rigth" #1: discarding duplicate packet; already STATE_MAIN_I3
> 003 "left-rigth" #1: discarding duplicate packet; already STATE_MAIN_I3
> 010 "left-rigth" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> 010 "left-rigth" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
> 031 "left-rigth" #1: max number of retransmissions (2) reached STATE_MAIN_I3.
> Possible authentication failure: no acceptable response to our first
> encrypted message

Though it's accepted the initial contact, the Vigor2600 doesn't like something
about how we have either presented ourselves; our identification or
authentication credentials likely aren't correct, according to the Vigor2600.
You need to check its logs, and find out why it rejected the FreeS/WAN
connection.

If this doesn't help, perhaps you can provide more details in your next post.
Your configuration files, a network diagram representing the machines
you're trying to connect, and any info from the Vigor your can provide.

- --
Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPeXPdkOSC4btEQUtAQF/owP/XPBGTX3ZTvish1ukLClFR0su7tpomFAZ
HzQkitUm6mK13vv5GAAQ18RZLXaRkEOoZ6bza/XJFRBFZuqZ3oBG9aSrwFN89gi3
/CrpWnuRkOsUwh6MsTsHI0AKjtLPUEqUHkbV0qVOXTWTfw25Rnna+Gencyfa1DJs
W/TAyq5Hw8s=
=14mv
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Nico Baggus: "Re: [Users] packets don't know how to leave the gw"
• Previous message: martin f krafft: "Re: [Users] why doesn't `ipsec auto --down <connection>` work?"
• In reply to: Carles Xavier Munyoz Baldó: "[Users] Vigor2600 DSL router and FreeS/WAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 29 2002 - 05:21:11 CET