On Sunday 17 November 2002 09:03, Erich Titl wrote:

> + sed -n 17,$p /var/log/messages
> + egrep -i ipsec|klips|pluto
> + cat
> Nov 17 14:58:17 gatekeeper kernel: klips_info:pfkey_cleanup: shutting
> down PF_KEY domain sockets.
> Nov 17 15:07:26 gatekeeper kernel: klips_info:pfkey_cleanup: shutting
> down PF_KEY domain sockets.
> Nov 17 15:12:29 gatekeeper kernel: klips_info:pfkey_cleanup: shutting
> down PF_KEY domain sockets.
> Nov 17 15:15:22 gatekeeper kernel: klips_info:pfkey_cleanup: shutting
> down PF_KEY domain sockets.
> + _________________________ plog



> +
> + sed -n 32,$p /var/log/auth.log
> + egrep -i pluto
> + cat
> Nov 17 15:15:46 gatekeeper ipsec__plutorun: Starting Pluto
> subsystem... Nov 17 15:15:47 gatekeeper Pluto[31465]: Starting Pluto
> (FreeS/WAN Version 1.97)
> Nov 17 15:15:47 gatekeeper Pluto[31465]: listening for IKE messages
> Nov 17 15:15:47 gatekeeper Pluto[31465]: adding interface ipsec0/eth0
> 217.162.140.106
> Nov 17 15:15:47 gatekeeper Pluto[31465]: loading secrets from
> "/etc/ipsec.secrets"
> Nov 17 15:31:00 gatekeeper Pluto[31465]: packet from
> 217.162.92.182:500: unsupported exchange type ISAKMP_XCHG_AGGR in
> message

Ok, the encryption/argument given from the Zyxel router is not
what the Bering router is expecting and/or setup for. I would
verify that the Zyxel router is setup for 3DES encryption and
is using only PSK keys for authorization. I guess the tunnel
type could also be wrong, but there is no way of guessing w/o
knowing anything about the Zyxtel and its configuration.

> Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from
> 217.162.92.182:500: ignoring Delete SA payload
> Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from
> 217.162.92.182:500: received and ignored informational message
> Nov 17 15:32:00 gatekeeper Pluto[31465]: packet from
> 217.162.92.182:500: not enough room in input packet for ISAKMP
> Message
> Nov 17 15:35:12 gatekeeper Pluto[31465]: packet from
> 217.162.92.182:500: initial Main Mode message received on
> 217.162.140.106:500 but no connection has been authorized
> + _________________________ date

None of the information received by the Bering router is acceptable
to setup a connection.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to