Hi All,

I am a newbie to Vyatta IPsec VPN. I have set up a site-to-site VPN between 2 Vyatta routers as per the Vyatta config document. I am not able to establish the VPN, and /var/log/messages says:

Site 1

    Feb 28 02:39:44 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #691: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to replace #690 {using isakmp#687}
    Feb 28 02:39:44 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: ignoring informational payload, type NO_PROPOSAL_CHOSEN
    Feb 28 02:39:44 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: received and ignored informational message
    Feb 28 02:39:54 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: ignoring informational payload, type INVALID_MESSAGE_ID
    Feb 28 02:39:54 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: received and ignored informational message
    Feb 28 02:40:14 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: ignoring informational payload, type INVALID_MESSAGE_ID
    Feb 28 02:40:14 localhost pluto[3973]: "peer-Y.Y.Y.Y-tunnel-1" #687: received and ignored informational message

Site 2

    IPsec Transform [ESP_AES (256), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
    Feb 28 02:31:33 localhost pluto[3983]: "peer-X.X.X.X-tunnel-1" #751: no acceptable Proposal in IPsec SA
    Feb 28 02:31:33 localhost pluto[3983]: "peer-X.X.X.X-tunnel-1" #751: sending encrypted notification NO_PROPOSAL_CHOSEN to 202.91.74.130:500
    Feb 28 02:31:40 localhost pluto[3983]: "peer-X.X.X.X-tunnel-1" #746: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x211f93c1 (perhaps this is a duplicated packet)
    Feb 28 02:31:40 localhost pluto[3983]: "peer-X.X.X.X-tunnel-1" #746: sending encrypted notification INVALID_MESSAGE_ID to Y.Y.Y.Y:500

Site 1 config

    vpn {
        ipsec {
            ipsec-interfaces {
                interface eth0
            }
            ike-group "IKE-1W" {
                proposal 1 {
                    encryption: "aes256"
                }
                proposal 2 {
                }
                lifetime: 3600
            }
            esp-group "ESP-1W" {
                proposal 1 {
                    encryption: "aes256"
                }
                proposal 2 {
                    encryption: "3des"
                    hash: "md5"
                }
                lifetime: 1800
            }
            site-to-site {
                peer X.X.X.X {
                    authentication {
                        mode: "rsa"
                        pre-shared-secret: "test_key_1"
                        rsa-key-name: "CO-key"
                    }
                    ike-group: "IKE-1W"
                    local-ip: Y.Y.Y.Y
                    tunnel 1 {
                        local-subnet: 192.168.1.0/24
                        remote-subnet: 192.168.0.0/24
                        esp-group: "ESP-1W"
                    }
                }
            }
        }
        rsa-keys {
            rsa-key-name "CO-key" {
                rsa-key: "0sAQOBguI8jQvYGCKf3KFP3sQHTTwP3AVokIXnoEyaNOEgqxPtITCEV4SJYkBk7//ZnBovZJJ8s0/qDGOPkjK4rAjTNEXCoGZBoHR3W6Sus40RU+33Cc/qwBzl5xHgU2iDdlESMWV8PVa1keVqU19KELpc3zLS0GdFaJKoJIeDSyyWoicAp9AQ8GG2OaaYDI+GvLKpf5V1DK6Rqfz5dLab+UIXcqLsqQ2a+VrL9Bbul/p8Z5vc7RgqS8GRjwzoPqUr+5HDw2HUxTXAhUek3HBu96lJ+H1LO63d28OV+B2cc0kWMuiEke1MGJtcWbyYtr6vKCQbGjOJjZqB+sq8ma9Zg8kAOIrPLIpQsXe/TjS4Cp0xbMgX"
            }
        }
    }

Site 2 config

    vpn {
        ipsec {
            ipsec-interfaces {
                interface eth0
            }
            ike-group "IKE-1E" {
                proposal 1 {
                    encryption: "aes256"
                }
            }
            esp-group "ESP-1E" {
                proposal 2 {
                    encryption: "3des"
                    hash: "md5"
                }
                lifetime: 1800
            }
            site-to-site {
                peer 202.91.74.130 {
                    authentication {
                        mode: "rsa"
                        pre-shared-secret: "test_key_1"
                        rsa-key-name: "NLD-key"
                    }
                    ike-group: "IKE-1E"
                    local-ip: 202.91.67.162
                    tunnel 1 {
                        local-subnet: 192.168.0.0/24
                        remote-subnet: 192.168.1.0/24
                        esp-group: "ESP-1E"
                    }
                }
            }
        }
        rsa-keys {
            rsa-key-name "NLD-key" {
                rsa-key: "0sAQOOVx2lEQNsCqFU9M4bhovvC28mf7e1sYNaBC1FAaG5qyO2PnGic+anlVJYvjvHBj3wBYV+L6pMRsTv28Qn9wFGCXUR/aSM4+RdnHSTBy8sgWKpw9vCVMJ/J60x6/B7uc6a0e8+2jJ8PnfFDoPG7C9UHDUM1r+d2vSno8bb5MlzQ81ib1Gczfp/nnvvMqUi99DWnUqGcPOcPrS7hctCP0Za6YIvDd3/l9xRPC+a1I1ouEW8+8HcrhFEOLHL/SUc2Qoq+BPO0vxLRkuZZhhCvmOk3BvTRGh43E39ttyO2YHE3LqxbBTZvmYYZcWE9899iZkne0ffhSW6M4BzKL1WIhw8tupImP1+QTekmwglodAW72Bv"
            }
        }
    }

Please help. TIA

Regards
Ben
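As an added example (not part of Ben's post, and not Vyatta's own tooling), here is a small Python check that parses the two esp-groups from the post, maps the transform named in the site-2 "refused due to strict flag" line back to Vyatta's proposal names, and lists which ESP transforms the two sides actually have in common. It assumes that a proposal with no hash configured gets Vyatta's default of sha1 (consistent with the aes256/HMAC_SHA1 transform the site-2 log reports receiving); the ESP_AES (256) and HMAC_SHA1 names come from the post, while the ESP_3DES and HMAC_MD5 mappings are assumed for symmetry.

```python
import re

# Constructed sample input: the two esp-groups from the post, one statement per line.
SITE1_ESP = '''\
esp-group "ESP-1W" {
    proposal 1 {
        encryption: "aes256"
    }
    proposal 2 {
        encryption: "3des"
        hash: "md5"
    }
    lifetime: 1800
}
'''

SITE2_ESP = '''\
esp-group "ESP-1E" {
    proposal 2 {
        encryption: "3des"
        hash: "md5"
    }
    lifetime: 1800
}
'''

# Constructed: the refusal line from the site-2 log in the post.
SITE2_LOG_LINE = ("IPsec Transform [ESP_AES (256), AUTH_ALGORITHM_HMAC_SHA1] "
                  "refused due to strict flag")

# Assumption: a proposal with no 'hash' uses Vyatta's default, sha1 (this matches the
# aes256/HMAC_SHA1 transform that site 2 reports receiving from site 1).
DEFAULT_HASH = "sha1"

# Openswan transform names -> Vyatta proposal names. ESP_AES (256) and HMAC_SHA1 are
# taken from the post; the 3des/md5 entries are assumed for symmetry.
ENC_NAMES = {"ESP_AES (256)": "aes256", "ESP_3DES": "3des"}
HASH_NAMES = {"AUTH_ALGORITHM_HMAC_SHA1": "sha1", "AUTH_ALGORITHM_HMAC_MD5": "md5"}


def parse_config(text):
    """Parse brace-delimited 'show'-style config (one statement per line) into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip().replace('"', "")] = node
            stack.append(node)
        else:
            # Leaf statement: 'key: value' in this format; fall back to 'key value'.
            key, sep, value = line.partition(":")
            if not sep:
                key, sep, value = line.partition(" ")
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config")
    return root


def esp_transforms(config):
    """Map each esp-group name to its ordered list of (encryption, hash) transforms."""
    groups = {}
    for name, body in config.items():
        if name.startswith("esp-group ") and isinstance(body, dict):
            group = name.split(" ", 1)[1]
            groups[group] = [
                (fields.get("encryption"), fields.get("hash", DEFAULT_HASH))
                for key, fields in body.items()
                if key.startswith("proposal ") and isinstance(fields, dict)
            ]
    return groups


def refused_transform(log_line):
    """Pull the (encryption, hash) pair out of a pluto 'refused due to strict flag' line."""
    m = re.search(r"IPsec Transform \[(.+?), (\S+)\] refused", log_line)
    if not m:
        return None
    return (ENC_NAMES.get(m.group(1), m.group(1)), HASH_NAMES.get(m.group(2), m.group(2)))


def common_transforms(initiator, responder):
    """Transforms the responder could pick, in the order the initiator offers them."""
    return [t for t in initiator if t in responder]


def diagnose():
    """Compare the two esp-groups against the transform the responder logged as refused."""
    site1 = esp_transforms(parse_config(SITE1_ESP))["ESP-1W"]
    site2 = esp_transforms(parse_config(SITE2_ESP))["ESP-1E"]
    refused = refused_transform(SITE2_LOG_LINE)
    return {
        "site1_offers": site1,
        "site2_accepts": site2,
        "refused_in_log": refused,
        "refused_is_offered_by_site1": refused in site1,
        "refused_is_accepted_by_site2": refused in site2,
        "common": common_transforms(site1, site2),
    }


if __name__ == "__main__":
    for key, value in diagnose().items():
        print(f"{key}: {value}")
```

Running it shows that the refused aes256/sha1 transform is site 1's first ESP proposal and does not appear in ESP-1E at all, while 3des/md5 is the only transform both groups list. The same parser can be pointed at a fuller config dump from either router once it is written one statement per line, which makes it easy to confirm that the esp-group bound to a tunnel on each side advertises the transforms the peer actually expects.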
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users