questions regarding ipsec tunnel

From: Sebastian Reitenbach
Date: Friday, June 15, 2007 - 3:14 am

Hi all,

I have a problem getting a stable IPsec connection running from my OpenBSD 
4.1 host to some kind of VPN appliance.

ike active esp from 192.168.27.0/24 to 192.168.0.0/16 \
       local 223.150.201.44 peer 34.123.15.43 \
       main auth hmac-md5 enc 3des group grp2 \
       quick auth hmac-md5 enc aes group modp1024 \
       psk "MySecretPassPhrase"


ipsecctl -s all shows me the flows in and out and the SAD too, and 
netstat -rn -f encap shows me a route too. But in /var/log/messages I see 
the following:


Jun 15 07:56:15 vpn1 isakmpd[21808]: message_negotiate_sa: no compatible proposal found
Jun 15 07:56:15 vpn1 isakmpd[21808]: dropped message from 34.123.15.43 port 500 due to notification type


And after some minutes (or hours, don't know exactly) the tunnel has vanished 
from netstat -rn -f encap and ipsecctl -s all.

How does the tunnel show up in the routing, and ipsecctl -s all, when "no 
compatible proposal found"?

Can I find out, when I start with debug output, what the right proposal 
would be?

kind regards
Sebastian
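
An added example, not part of the original post: it parses the `main` and `quick` transforms from the rule above and compares them attribute by attribute with a peer's offers, which is the kind of check behind "no compatible proposal found". The peer offers are constructed placeholders (the appliance's real settings are not on this page), and key lengths and lifetimes, which are also negotiated, are left out.

```python
import re

# The ike rule from the post, with the line continuations joined.
RULE = ('ike active esp from 192.168.27.0/24 to 192.168.0.0/16 '
        'local 223.150.201.44 peer 34.123.15.43 '
        'main auth hmac-md5 enc 3des group grp2 '
        'quick auth hmac-md5 enc aes group modp1024 '
        'psk "MySecretPassPhrase"')

# IKE Diffie-Hellman group numbers and their MODP sizes (RFC 2409, RFC 3526).
GROUP_ALIASES = {"grp1": "modp768", "grp2": "modp1024", "grp5": "modp1536"}

# Constructed phase 2 offers from a hypothetical peer, NOT taken from the post.
PEER_QUICK_OFFERS = [
    {"auth": "hmac-sha1", "enc": "3des", "group": "modp1024"},
    {"auth": "hmac-md5", "enc": "3des", "group": "modp1024"},
]

def parse_transforms(rule):
    """Return {'main': {...}, 'quick': {...}} with auth/enc/group per phase."""
    out = {}
    for phase in ("main", "quick"):
        m = re.search(rf"\b{phase}\s+auth\s+(\S+)\s+enc\s+(\S+)\s+group\s+(\S+)",
                      rule)
        if m:
            auth, enc, group = m.groups()
            # Normalise grpN to the modp name so both spellings compare equal.
            out[phase] = {"auth": auth, "enc": enc,
                          "group": GROUP_ALIASES.get(group, group)}
    return out

def mismatches(local, offered):
    """Attributes on which an offered proposal differs: {name: (ours, theirs)}."""
    return {k: (v, offered.get(k)) for k, v in local.items()
            if v != offered.get(k)}

def first_compatible(local, offers):
    """Index of the first offer that matches on every attribute, else None."""
    for i, offer in enumerate(offers):
        if not mismatches(local, offer):
            return i
    return None

if __name__ == "__main__":
    quick = parse_transforms(RULE)["quick"]
    if first_compatible(quick, PEER_QUICK_OFFERS) is None:
        print("quick mode: no compatible proposal found")
        for i, offer in enumerate(PEER_QUICK_OFFERS):
            print(f"  offer {i} differs on: {mismatches(quick, offer)}")
```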

Messages in current thread:
questions regarding ipsec tunnel, Sebastian Reitenbach, (Fri Jun 15, 3:14 am)
Re: questions regarding ipsec tunnel, Claer, (Fri Jun 15, 6:39 am)
Re: questions regarding ipsec tunnel, Stuart Henderson, (Fri Jun 15, 6:50 am)