Matthew & Bill,

Thank you for the response. I am now able to establish the tunnel using RSA signature, though there are still bits and pieces I need to put together.

Regards,
Kelvin

-----Original Message-----
From: Matthew Grooms [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 24, 2007 1:29 PM
To: [email protected]
Subject: Re: [pfSense Support] Racoon Error Messages

Kelvin Chiang wrote:
> Hi, I am still figuring out how to get IPSec working using RSA
> signature. Still no luck but I think I am getting closer. I have seen
> error messages below, does anyone know what is "exchange type 6"?
>
> Mar 24 09:25:41 racoon: INFO: respond new phase 1 negotiation:
> 210.23.14.8[500]<=>218.186.35.230[500]
> Mar 24 09:25:41 racoon: INFO: begin Identity Protection mode.
> Mar 24 09:25:41 racoon: INFO: received Vendor ID: CISCO-UNITY
> Mar 24 09:25:41 racoon: WARNING: unable to get certificate CRL(3) at
> depth:0 SubjectName:/C=SG/ST=Singapore/L=Singapore/O=Laxo Global
> Access
> Pte Ltd/OU=Network/CN=Kelvin Chiang/[EMAIL PROTECTED]
> Mar 24 09:25:41 racoon: INFO: ISAKMP-SA established
> 210.23.14.8[500]-218.186.35.230[500] spi:acc291a49b2a3750:a40aa2dc238e66db
> Mar 24 09:25:41 racoon: ERROR: Invalid exchange type 6 from
> 218.186.35.230[500].
>

You are passing RSA authentication now without error. Exchange type 6 is the modecfg exchange and is used after phase 1 and before phase 2. You will see this error when using an old version of ipsec-tools or a newer version that has been compiled without the --enable-hybrid configure option. I believe the version of ipsec-tools shipped with pfsense is a rather old version.

If you happen to be using the Shrew Soft VPN Client to connect with a pfsense gateway, here is a post on the vpn help mailing list that you may find useful. It basically describes what options need to be configured manually so that the modecfg exchange will be skipped.

http://lists.shrew.net/pipermail/vpn-help/2006-October/000610.html

-Matthew

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
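
The diagnosis in the reply above, as an added example that is not part of the original thread or of ipsec-tools: a Python triage pass over racoon log lines that reports each rejected exchange type by name and whether the peer had already completed phase 1. Assumptions: the function names are hypothetical, the type names for 0-5 and 32/33 follow RFC 2408 and RFC 2409, type 6 is named as the thread describes it, and the sample input is the quoted log with mail wrapping undone plus one constructed line.

```python
import re

# ISAKMP exchange types: 0-5 from RFC 2408, 32/33 from RFC 2409.
# Type 6 is the modecfg (transaction) exchange, as stated in the thread.
EXCHANGE_TYPES = {
    0: "None", 1: "Base", 2: "Identity Protection (main mode)",
    3: "Authentication Only", 4: "Aggressive", 5: "Informational",
    6: "Transaction (modecfg)", 32: "Quick Mode (phase 2)",
    33: "New Group Mode",
}

# racoon logs the SA as local[port]-remote[port]; capture the remote peer.
SA_RE = re.compile(r"ISAKMP-SA established \S+-(\d+\.\d+\.\d+\.\d+)\[\d+\]")
BAD_RE = re.compile(
    r"ERROR: Invalid exchange type (\d+) from (\d+\.\d+\.\d+\.\d+)\[\d+\]")

# First three lines: the thread's log, unwrapped. Last line: constructed.
SAMPLE_LOG = """\
Mar 24 09:25:41 racoon: INFO: begin Identity Protection mode.
Mar 24 09:25:41 racoon: INFO: ISAKMP-SA established 210.23.14.8[500]-218.186.35.230[500] spi:acc291a49b2a3750:a40aa2dc238e66db
Mar 24 09:25:41 racoon: ERROR: Invalid exchange type 6 from 218.186.35.230[500].
Mar 24 09:26:02 racoon: ERROR: Invalid exchange type 6 from 192.0.2.10[500].
"""

def triage(log_text):
    """Return (peer, type, name, phase1_ok) for every rejected exchange."""
    phase1_done = set()  # peers with an established ISAKMP-SA so far
    findings = []
    for line in log_text.splitlines():
        m = SA_RE.search(line)
        if m:
            phase1_done.add(m.group(1))
            continue
        m = BAD_RE.search(line)
        if m:
            xtype, peer = int(m.group(1)), m.group(2)
            name = EXCHANGE_TYPES.get(xtype, "unknown")
            findings.append((peer, xtype, name, peer in phase1_done))
    return findings

def explain(finding):
    peer, xtype, name, phase1_ok = finding
    if xtype == 6 and phase1_ok:
        return (f"{peer}: phase 1 authenticated; peer then started modecfg, "
                "which this racoon build does not accept")
    return (f"{peer}: rejected exchange type {xtype} ({name}), "
            f"phase 1 established: {phase1_ok}")

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(explain(f))
```
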
