Re: [strongSwan] Try to use Cisco VPN client

Wed, 06 Jan 2010 10:29:10 -0800 

add

authby=xauthrsasig
xauth=server

the statusall became like below, but vpn client error, Reason 401: An
unrecognized error occurred while establishing the VPN connection.

000 Status of IKEv1 pluto daemon (strongSwan 4.3.6dr5):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 167.22.15.11:4500
000 interface eth0/eth0 167.22.15.11:500
000 interface eth0/eth0 10.0.0.1:4500
000 interface eth0/eth0 10.0.0.1:500
000 %myid = '%any'
000 loaded plugins: sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp
random curl sqlite attr-sql xcbc
000 debug options:
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+natt+oppo+controlmore
000
000 "cisco": 0.0.0.0/0===167.22.15.11[C=CN, O=LD,
CN=no2]---167.22.15.1...%any[%any]===10.3.0.0/24; unrouted; eroute
owner: #0
000 "cisco":   CAs: "C=CN, O=LampDrive, CN=LVPN"...%any
000 "cisco":   ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s;
rekey_fuzz: 100%; keyingtries: 1
000 "cisco":   policy: ENCRYPT+TUNNEL+PFS+XAUTHRSASIG+XAUTHSERVER;
prio: 0,24; interface: eth0;
000 "cisco":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "cisco"[1]: 0.0.0.0/0===167.22.15.11[C=CN, O=LD,
CN=no2]---167.22.15.1...218.240.6.69:60187[218.240.46.169]===10.3.0.0/24;
unrouted; eroute owner: #0
000 "cisco"[1]:   CAs: "C=CN, O=LampDrive, CN=LVPN"...%any
000 "cisco"[1]:   ike_life: 3600s; ipsec_life: 1200s; rekey_margin:
180s; rekey_fuzz: 100%; keyingtries: 1
000 "cisco"[1]:   policy: ENCRYPT+TUNNEL+PFS+XAUTHRSASIG+XAUTHSERVER;
prio: 0,24; interface: eth0;
000 "cisco"[1]:   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #1: "cisco"[1] 218.240.6.69:60187 STATE_MAIN_R2 (sent MR2,
expecting MI3); EVENT_RETRANSMIT in 19s


debug::

"cisco"[2] 218.240.6.69:49983 #2: peer requested 2147483 seconds which
exceeds our limit 86400 seconds
"cisco"[2] 218.240.6.69:49983 #2: lifetime reduced to 86400 seconds
(todo: IPSEC_RESPONDER_LIFETIME notification)


On Thu, Jan 7, 2010 at 1:57 AM, Daniel Mentz
<[email protected]> wrote:
> authby=xauthrsasig
> xauth=server
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to