Seth Hallem | 6 Dec 21:22 2011

[Openswan Users] Cannot connect openswan client with Cisco RV220W IPSec VPN

I am attempting to connect a laptop with an openswan client (Openswan IPsec U2.6.28/K3.0.0-12-generic) with my Cisco RV220W. My connection fails, and the VPN status log shows the following:


2011-12-06 15:04:59: [rv220w][IKE] INFO:  Configuration found for 108.58.YY.YY[500].
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received request for new phase 1 negotiation: 108.58.XX.XX[500]<=>108.58.YY.YY[500]
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Beginning Identity Protection mode.
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received unknown Vendor ID
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received Vendor ID: DPD
2011-12-06 15:04:59: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:09: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:11: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. c2e6f14d16bef607:02dbd105dcc0b299
2011-12-06 15:05:19: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:29: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:39: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:49: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:59: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. 5646ff766f579fb0:b221f323a56ba913


My configuration on the RV220W is as follows:


VPN Policy:
  Auto Policy
  Remote endpoint is an IP address with 108.58.YY.YY
  Local traffic is a subnet
  Remote traffic is a single IP (same as above)
  Encryption/hash settings are: 3DES, SHA1, no PFS key group, SA lifetime of 3600

IKE Policy:
  Responder
  Main mode
  Local and Remote use explicit IP addresses
  3des, sha1, pre-shared key, DH group 2, lifetime of 28800, no dead peer detection, no xauth


On the client, I have the following openswan configuration:

# /etc/ipsec.conf - Openswan IPsec configuration file

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combation from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=no
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    interfaces=%defaultroute
    plutodebug=all
    protostack=netkey

# Add connections here
conn L2TP-PSK
     # Use a pre-shared key.
     # Connection type _must_ be transport mode
     authby=secret
     keyingtries=3
     type=transport
     # "left" is the local linux machine
     left=%defaultroute
     leftprotoport=17/1701
     # "right" is the remote server
     right=108.58.XX.XX
     rightprotoport=17/1701
     # Do not install on startup
     auto=add
     # SA settings
     ike=3des-sha1-modp1024
     esp=3des-sha1
     keyexchange=ike
     pfs=no


I would appreciate any insights into what might be going wrong here.
