[strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

Sucha Singh soorma_j4tt at yahoo.co.uk
Wed Mar 3 21:15:54 CET 2010


Hi All,

Thanks Martin, I've made some more progress, I am now getting the following error when I run "ipsec up test":

002 "test" #2: initiating Main Mode
104 "test" #2: STATE_MAIN_I1: initiate
003 "test" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN
010 "test" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "test" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "test" #2: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message

My ipsec.conf now looks like this:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    plutostart=yes
    nat_traversal=yes
    plutodebug=all

# Add connections here.

conn test
       auto=add
       authby=xauthrsasig
       forceencaps=yes
       keyexchange=ikev1
       keyingtries=1
       type=tunnel
       xauth=client
       right=<IP address of CheckPoint VPN>
       left=<IP address of my laptop>

# include /var/lib/strongswan/ipsec.conf.inc

From what sense I can make from the error, I assume it means that my client request has reached the VPN gateway, but the authentication/encryption protocols don't match?

I sincerely appreciate the help you guys are providing.

Regards,

Jana

--- On Wed, 3/3/10, Martin Willi <martin at strongswan.org> wrote:

From: Martin Willi <martin at strongswan.org>
Subject: Re: [strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1
To: "Sucha Singh" <soorma_j4tt at yahoo.co.uk>
Cc: "Daniel Mentz" <danielml+mailinglists.strongswan at sent.com>, users at lists.strongswan.org
Date: Wednesday, 3 March, 2010, 7:32

Hi,

> conn test
>        authby=xauthrsasig
>        forceencaps=yes
>        keyexchange=ikev1
>        keyingtries=1
>        type=tunnel
>        xauth=client
>        right=<CheckPoint VPN Firewall IP Address>
>        leftsourceip=%modeconfig

> ipsec up test
> 021 no connection named "test"

You additionally need the "auto" parameter. auto=add loads the
configuration to the IKE daemon. auto=start additionally starts the
connection automatically. man ipsec.conf for details.

Regards
Martin
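
Added example (not part of either message above, and not strongSwan code): a small triage of the "ipsec up" status lines from the first message. It separates "the peer answered with a notify" from "the peer never answered". The function names and the dictionary layout are made up for this illustration, and the sample is the output quoted above.

```python
import re

# Constructed sample: the status lines quoted in the first message.
SAMPLE = '''\
002 "test" #2: initiating Main Mode
104 "test" #2: STATE_MAIN_I1: initiate
003 "test" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN
010 "test" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "test" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "test" #2: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
'''

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')   # code, conn, SA number, text
NOTIFY = re.compile(r'informational payload, type (\w+)')
STATE = re.compile(r'\b(STATE_[A-Z0-9_]+)')

def triage(text):
    """Collect what happened to each negotiation, keyed by (conn, SA number)."""
    attempts = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line, shell prompt, or other non-status text
        _code, conn, sa, msg = m.groups()
        a = attempts.setdefault((conn, int(sa)), {
            "notifies": [], "retransmits": 0, "last_state": None, "gave_up": False})
        if (n := NOTIFY.search(msg)):
            a["notifies"].append(n.group(1))   # a notify means the peer did reply
        if (s := STATE.search(msg)):
            a["last_state"] = s.group(1)
        if "retransmission;" in msg:
            a["retransmits"] += 1
        if "max number of retransmissions" in msg:
            a["gave_up"] = True
    return attempts

def diagnose(a):
    """Turn one attempt record into a one-line finding."""
    if "NO_PROPOSAL_CHOSEN" in a["notifies"]:
        return ("peer reachable; none of the proposals we offered in "
                + str(a["last_state"]) + " was accepted")
    if a["notifies"]:
        return "peer reachable; it answered with " + ", ".join(a["notifies"])
    if a["gave_up"]:
        return "no reply at all; check that UDP 500/4500 reaches the peer"
    return "no failure seen"

if __name__ == "__main__":
    for key, attempt in triage(SAMPLE).items():
        print(key, "->", diagnose(attempt))
```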




      

