[strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1
andreas.steffen at strongswan.org
Thu Mar 4 07:05:54 CET 2010
the log entry:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
means that the CheckPoint box does not like your proposal.
Is it really configuredd to do XAUTH with certificate-based
Sucha Singh wrote:
> Hi All,
> Thanks Martin, I've made some more progress, I am now getting the following error when I run "ipsec up test":
> 002 "test" #2: initiating Main Mode
> 104 "test" #2: STATE_MAIN_I1: initiate
> 003 "test" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN
> 010 "test" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "test" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
> 031 "test" #2: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
> My ipsec.conf now looks like this:
> # ipsec.conf - strongSwan IPsec configuration file
> # basic configuration
> config setup
> # Add connections here.
> conn test
> right=<IP address of CheckPoint VPN>
> left=<IP address of my laptop>
> # include /var/lib/strongswan/ipsec.conf.inc
>>From what sense I can make from the error, I assume it means that my client request has reached the VPN gateway, but the authentication/encryption protocols don't match?
> I sincerely appreciate the help you guys are providing.
> --- On Wed, 3/3/10, Martin Willi <martin at strongswan.org> wrote:
> From: Martin Willi <martin at strongswan.org>
> Subject: Re: [strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1
> To: "Sucha Singh" <soorma_j4tt at yahoo.co.uk>
> Cc: "Daniel Mentz" <danielml+mailinglists.strongswan at sent.com>, users at lists.strongswan.org
> Date: Wednesday, 3 March, 2010, 7:32
>> conn test
>> right=<CheckPoint VPN Firewall IP Address>
>> ipsec up test
>> 021 no connection named "test"
> You additionally need the "auto" parameter. auto=add loads the
> configuration to the IKE daemon. auto=start additionally starts the
> connection automatically. man ipsec.conf for details.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users