Hi,
I'm basically trying to set up a VPN between a Linux box (Debian) and an
OpenBSD one.
I'd like to use a PSK for that VPN.
Here are the config files:
Linux box:
conn jak-ha
    left=PUBLIC_IP_OF_LINUX_BOX
    leftsubnet=192.168.9.0/24
    right=PUBLIC_IP_OF_BSD_BOX
    rightsubnet=10.50.0.0/24
    auto=start
    authby=secret
Excerpt from ipsec.secrets:
PUBLIC_IP_OF_LINUX_BOX PUBLIC_IP_OF_BSD_BOX : PSK "azD1HPpljzd5ZNzybmjcCiJfonlXwJk8"
BSD box:
ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer PUBLIC_IP_OF_LINUX_BOX main auth hmac-md5 enc 3des group modp1536 quick auth hmac-md5 enc 3des group modp1536 psk "azD1HPpljzd5ZNzybmjcCiJfonlXwJk8"
ike esp from PUBLIC_IP_OF_BSD_BOX to 192.168.9.0/24 peer PUBLIC_IP_OF_LINUX_BOX main auth hmac-md5 enc 3des group modp1536 quick auth hmac-md5 enc 3des group modp1536 psk "azD1HPpljzd5ZNzybmjcCiJfonlXwJk8"
ike esp from PUBLIC_IP_OF_BSD_BOX to PUBLIC_IP_OF_LINUX_BOX
I got these messages in the /var/log/messages file on the BSD box:
Aug 25 13:21:55 fw-001 isakmpd[15732]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 25 13:21:55 fw-001 isakmpd[15732]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 25 13:21:55 fw-001 isakmpd[15732]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Aug 25 13:24:03 fw-001 isakmpd[15732]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 25 13:24:03 fw-001 isakmpd[15732]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 25 13:24:03 fw-001 isakmpd[15732]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Aug 25 13:24:19 fw-001 isakmpd[15732]: transport_send_messages: giving up on exchange IPsec-212.99.8.244-192.168.9.0/24, no response from peer 219.83.41.82:500
Aug 25 13:24:19 fw-001 isakmpd[15732]: transport_send_messages: giving up on exchange IPsec-PUBLIC_IP_OF_BSD_BOX-PUBLIC_IP_OF_LINUX_BOX, no response from peer PUBLIC_IP_OF_LINUX_BOX:500
Aug 25 13:26:51 fw-001 isakmpd[15732]: message_parse_payloads: invalid next payload type <Unknown 111> in payload of type 8
Aug 25 13:26:51 fw-001 isakmpd[15732]: dropped message from PUBLIC_IP_OF_LINUX_BOX port 500 due to notification type INVALID_PAYLOAD_TYPE
Aug 25 13:26:51 fw-001 isakmpd[15732]: message_parse_payloads: invalid next payload type <Unknown 56> in payload of type 8
Seems I misconfigured something.
Does anyone see what?
Thanks
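
Added example, not part of the original post: a small Python script that rejoins mail-wrapped isakmpd log lines and tallies each attribute_unacceptable got/expected pair and each dropped-message notification, so the proposal mismatches can be compared against both configs. The function names and the sample (a few lines copied from the log above, still wrapped) are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the log above, wrapped as in the mail.
SAMPLE = """\
Aug 25 13:21:55 fw-001 isakmpd[15732]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Aug 25 13:21:55 fw-001 isakmpd[15732]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Aug 25 13:26:51 fw-001 isakmpd[15732]: dropped message from
PUBLIC_IP_OF_LINUX_BOX port 500 due to notification type
INVALID_PAYLOAD_TYPE
"""

# A new record starts with a syslog timestamp, a host and the isakmpd tag.
SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ isakmpd\[\d+\]: ")
MISMATCH = re.compile(r"attribute_unacceptable: (\w+): got (\w+), expected (\w+)")
NOTIFY = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if SYSLOG_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Count (attribute, got, expected) mismatches and (peer, notification) drops."""
    mismatches, notifications = Counter(), Counter()
    for rec in unwrap(text):
        if m := MISMATCH.search(rec):
            mismatches[m.groups()] += 1
        elif n := NOTIFY.search(rec):
            notifications[(n.group(1), n.group(3))] += 1
    return mismatches, notifications

if __name__ == "__main__":
    mism, notes = summarize(SAMPLE)
    for (attr, got, exp), count in mism.most_common():
        print(f"{count}x {attr}: got {got}, expected {exp}")
    for (peer, kind), count in notes.items():
        print(f"{count}x dropped from {peer}: {kind}")
```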