On Sunday 17 November 2002 09:03, Erich Titl wrote: > + sed -n 17,$p /var/log/messages > + egrep -i ipsec|klips|pluto > + cat > Nov 17 14:58:17 gatekeeper kernel: klips_info:pfkey_cleanup: shutting > down PF_KEY domain sockets. > Nov 17 15:07:26 gatekeeper kernel: klips_info:pfkey_cleanup: shutting > down PF_KEY domain sockets. > Nov 17 15:12:29 gatekeeper kernel: klips_info:pfkey_cleanup: shutting > down PF_KEY domain sockets. > Nov 17 15:15:22 gatekeeper kernel: klips_info:pfkey_cleanup: shutting > down PF_KEY domain sockets. > + _________________________ plog
> + > + sed -n 32,$p /var/log/auth.log > + egrep -i pluto > + cat > Nov 17 15:15:46 gatekeeper ipsec__plutorun: Starting Pluto > subsystem... Nov 17 15:15:47 gatekeeper Pluto[31465]: Starting Pluto > (FreeS/WAN Version 1.97) > Nov 17 15:15:47 gatekeeper Pluto[31465]: listening for IKE messages > Nov 17 15:15:47 gatekeeper Pluto[31465]: adding interface ipsec0/eth0 > 217.162.140.106 > Nov 17 15:15:47 gatekeeper Pluto[31465]: loading secrets from > "/etc/ipsec.secrets" > Nov 17 15:31:00 gatekeeper Pluto[31465]: packet from > 217.162.92.182:500: unsupported exchange type ISAKMP_XCHG_AGGR in > message Ok, the encryption/argument given from the Zyxel router is not what the Bering router is expecting and/or setup for. I would verify that the Zyxel router is setup for 3DES encryption and is using only PSK keys for authorization. I guess the tunnel type could also be wrong, but there is no way of guessing w/o knowing anything about the Zyxtel and its configuration. > Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from > 217.162.92.182:500: ignoring Delete SA payload > Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from > 217.162.92.182:500: received and ignored informational message > Nov 17 15:32:00 gatekeeper Pluto[31465]: packet from > 217.162.92.182:500: not enough room in input packet for ISAKMP > Message > Nov 17 15:35:12 gatekeeper Pluto[31465]: packet from > 217.162.92.182:500: initial Main Mode message received on > 217.162.140.106:500 but no connection has been authorized > + _________________________ date None of the information received by the Bering router is acceptable to setup a connection. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html