1

ipsec Informational Exchange message must be encrypted

view story
linux-howto

http://serverfault.com – I am trying to get a VPN working between Ubuntu and a SonicWall router. I got it configured, but I am getting an odd error whenever a packet comes in to the Ubuntu box "Informational Exchange message must be encrypted" Any ideas? ipsec.conf: conn metal type=tunnel left=10.46.235.204 leftsubnet=0.0.0.0/0.0.0.0 leftid=@linux right=x.x.x.x (my sonicwall WAN IP) rightsubnet= x.x.x.x/19 (my sonicwall LAN network) rightid=@sonic auto=add auth=esp pfs=no authby=secret keyingtries=0 esp=3DES-SHA1 keyexchange=ike ike=3des-sha1-modp1024 aggrmode=yes ipsec.secret @linux @sonic: PSK "sonic" Sonicw (HowTos)

dayu's picture
Submitted by dayu on 08/25/2012

Stories similar to ipsec Informational Exchange message must be encrypted

I have StrongSwan running on a ubuntu server and I'm trying to create an ipsec encrypted VPN tunnel with a Cisco 2821 router . The connection is not working and I cannot figure out why. It appears to complete phase 1, but fails at phase 2. Can anyone provide suggestions? I'm stumped.

I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04.

On ClusterA and B I have installed the "openswan" package on Debian Squeeze.

ClusterA ip is 172.16.0.107, B is 172.16.0.108

When they ping one another, it does not reach the destination.

/etc/ipsec.conf:

version 2.0 # conforms to second version of ipsec.conf specification

config setup protostack=netkey oe=off

conn L2TP-PSK-CLUSTER type=transport left=172.1

OpenSwan issues 3 years 43 weeks ago

I'm trying to perform a VPN lan to lan IPSEC connection. By my side, I have a server with 2 IP's, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.

My configuration is:

OS: Fedora release 7 (Moonshine)

l2tpd over ipsec 36 weeks 4 days ago

Hi All,

I'm having problem connecting to my openswan server (ver 2.4.15) using my iphone 4s. it take me several days and still not works, can any one help me to fix this problem.

Nat the VPN 3 years 15 weeks ago

Hello!

I just got a vpn running to a external client and everything worked fine.

Now they changed the subnet and I have to NAT my 192.168.0.1 in that VPN.

I tried but when I do:

iptables -t nat -I POSTROUTING 1 -p esp -j ACCEPT iptables -I POSTROUTING -t nat -o eth0 -d zzz.z.z.z -j SNAT --to 10.p.pp.p

and change my route:

I've been tearing my hair off in frustration for too long and decided Serverfault might be able to help.

Site2Site tunnel via SSL VPN? 18 weeks 6 days ago

i have tried convincing my opposite office of the tunnel in question to get site-2-site ipsec up and running.

However they are not really into that and run everything via SSL VPN..

Is it possible to create a site to site tunnel via SSL VPN?

How i would setup the ipsec on our Cisco ASA 5505

local net 192.168.0.0/18 remote net 10.50.0.0/18 IKE proposal pre-share-3des-sha, pre-share-aes-256-sha I

config setup protostack=netkey klipsdebug=none plutodebug=none interfaces=%defaultroute oe=no nhelpers=0 nat_traversal=yes

conn %default authby=secret type=tunnel left=%defaultroute left=Ip Server linux (unbutu) leftid=user2@vpn2.arena.net leftsubnet=192.168.1.0/24 # or whatever your ClearOS LAN subnet is leftsourceip=192.168.1.1