On 28 Jul 2003, James Pifer wrote: IIRC, you don't need to be subscribed to the mail list to post, hence that large amount of spam/virii found there.
> HI. I know this is better posted on the freeswan mailing list, but I > have been unable to join their list. Not sure what the problem is. > > Anyway, I'm trying to get a VPN branch office type connection between > freeswan and a Nortel Contivity switch. At this point I'm very close. > Looks like the session gets started but then I get some errors and it > drops. See the errors below. I'm doing shared secret, anyone know what > Invalid ID Information means? My uneducated guess is the PSK (pre-shared keys) are not matching. Based on the following: > 07/25/2003 13:45:52 0 ISAKMP [13] Error notification (Invalid ID > information) received from 28.73.99.190 But really, to troubleshoot I'd either need an "ipsec auto --status" or and "ipsec barf" for more details. You could also change settings in ipsec.conf to have debug info turned on. The output below looks like it's from /var/log/messages and it kinda sparse. > By the way, I'm running IPCop and I think this is actually > SuperFreeswan. I have posted to their list, but it's more of a freeswan > issue. > > Any help is appreciated. > > Thanks, > James > > 07/25/2003 13:45:51 0 Branch Office [01] IPSEC branch office connection > initiated to [EMAIL PROTECTED] > loc[8.0.0.0-248.0.0.0] > 07/25/2003 13:45:51 0 Security [11] Session: IPSEC[28.73.99.190] > attempting login > 07/25/2003 13:45:51 0 Security [01] Session: IPSEC[28.73.99.190] has no > active sessions > 07/25/2003 13:45:51 0 Security [01] Session: IPSEC[28.73.99.190] dave2 > has no active accounts > 07/25/2003 13:45:51 0 Security [01] Session: IPSEC[28.73.99.190]:167775 > SHARED-SECRET authenticate attempt... > 07/25/2003 13:45:51 0 Security [01] Session: IPSEC[28.73.99.190]:167775 > attempting authentication using LOCAL > 07/25/2003 13:45:51 0 Security [11] Session: IPSEC[28.73.99.190]:167775 > authenticated using LOCAL > 07/25/2003 13:45:51 0 Security [11] Session: IPSEC[28.73.99.190]:167775 > bound to group /Base/james/dave2 > 07/25/2003 13:45:51 0 Security [01] Session: IPSEC[28.73.99.190]:167775 > using group filter permit all > 07/25/2003 13:45:51 0 Security [11] Session: IPSEC[28.73.99.190]:167775 > authorized > 07/25/2003 13:45:51 0 Security [11] Session: network > IPSEC[192.168.1.0-255.255.255.0] attempting login > 07/25/2003 13:45:51 0 Security [11] Session: network > IPSEC[192.168.1.0-255.255.255.0] logged in from gateway [28.73.99.190] > 07/25/2003 13:45:51 0 ISAKMP [02] ISAKMP SA established with > 28.73.99.190 > 07/25/2003 13:45:52 0 ISAKMP [13] Error notification (Invalid ID > information) received from 28.73.99.190 > 07/25/2003 13:45:52 0 ISAKMP [13] No SPI on Notify message after Phase 1 > - dropping it > 07/25/2003 13:46:07 0 ISAKMP [13] Error notification (Invalid message > ID) received from 28.73.99.190 > 07/25/2003 13:46:07 0 ISAKMP [13] No SPI on Notify message after Phase 1 > - dropping it > 07/25/2003 13:46:23 0 ISAKMP [13] Error notification (Invalid message > ID) received from 28.73.99.190 > 07/25/2003 13:46:23 0 ISAKMP [13] No SPI on Notify message after Phase 1 > - dropping it > 07/25/2003 13:46:39 0 ISAKMP [13] Error notification (Invalid message > ID) received from 28.73.99.190 > 07/25/2003 13:46:39 0 ISAKMP [13] No SPI on Notify message after Phase 1 > - dropping it > 07/25/2003 13:46:55 0 Security [13] Session: IPSEC[28.73.99.190]:167775 > No response from client - logging out > 07/25/2003 13:46:55 0 Security [12] Session: IPSEC[-]:167776 logged out > 07/25/2003 13:46:55 0 Security [12] Session: IPSEC[28.73.99.190]:167775 > logged out > 07/25/2003 13:46:55 0 ISAKMP [02] Deleting ISAKMP SA with 28.73.99.190 > > > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list