4

StrongSwan ipsec ubuntu "ignoring informational payload, type NO_PROPOSAL_CHOSEN"

view full story
linux-howto

http://serverfault.com – I have StrongSwan running on a ubuntu server and I'm trying to create an ipsec encrypted VPN tunnel with a Cisco 2821 router . The connection is not working and I cannot figure out why. It appears to complete phase 1, but fails at phase 2. Can anyone provide suggestions? I'm stumped. BTW, my server is in the amazon cloud. Here is my config: conn my-conn type=tunnel authby=secret auth=esp ikelifetime=86400s keylife=3600s esp=3des-sha1 ike=3des-sha1-modp1024 keyexchange=ike pfs=no forceencaps=yes # Lef (HowTos)

u85500's picture
Submitted by u85500 on 12/28/2011 – Made popular on 12/28/2011

Stories similar to StrongSwan ipsec ubuntu "ignoring informational payload, type NO_PROPOSAL_CHOSEN"

I am trying to get a VPN working between Ubuntu and a SonicWall router.

OpenSwan issues 3 years 43 weeks ago

I'm trying to perform a VPN lan to lan IPSEC connection. By my side, I have a server with 2 IP's, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.

My configuration is:

OS: Fedora release 7 (Moonshine)

Site2Site tunnel via SSL VPN? 18 weeks 6 days ago

i have tried convincing my opposite office of the tunnel in question to get site-2-site ipsec up and running.

However they are not really into that and run everything via SSL VPN..

Is it possible to create a site to site tunnel via SSL VPN?

How i would setup the ipsec on our Cisco ASA 5505

local net 192.168.0.0/18 remote net 10.50.0.0/18 IKE proposal pre-share-3des-sha, pre-share-aes-256-sha I

Phase #1 (IKE) succeeds without any complications (verified at the target server). Phase #2 (IPSec), however, is erroneous at some point (apparently due to misconfiguration on localhost).

This should be an IPSec-only connection. I am using OpenSwan on Debian. The error log reads this (the actual IP-addr.

On ClusterA and B I have installed the "openswan" package on Debian Squeeze.

ClusterA ip is 172.16.0.107, B is 172.16.0.108

When they ping one another, it does not reach the destination.

/etc/ipsec.conf:

version 2.0 # conforms to second version of ipsec.conf specification

config setup protostack=netkey oe=off

conn L2TP-PSK-CLUSTER type=transport left=172.1

I have had a IPSEC connection setup between two firewalls. Now I want to remove the tunnel in my firewall, a "Fortigate 60".

There are two phases, "Phase 1" and "Phase 2" for each IPSEC connection. I can delete the "Phase 2" entry by clicking the trashcan icon (in the web interface), but there is not such icon for "Phase 1".

Nat the VPN 3 years 15 weeks ago

Hello!

I just got a vpn running to a external client and everything worked fine.

Now they changed the subnet and I have to NAT my 192.168.0.1 in that VPN.

I tried but when I do:

iptables -t nat -I POSTROUTING 1 -p esp -j ACCEPT iptables -I POSTROUTING -t nat -o eth0 -d zzz.z.z.z -j SNAT --to 10.p.pp.p

and change my route:

I have an host in Amazon EC2 which is configured with an OpenVPN Access Server. The only client to this server is acting as a gateway from a private network. I installed StrongSWAN 5 on the same host to allow windows 7 and iOS clients to connect using IPSEC. Both services works but what I cannot figure out is how to configure StrongSWAN to consider the OpenVPN tunnel endpoint as the only gateway a

I recieved a list of commands that were run on the right side of the VPN tunnel which is where the Cisco ASA resides. On my side, I have a linux based firewall running debian with openswan installed.